Google have recently fixed numerous security bugs in their Chrome browser. These Chrome bugs include two serious vulnerabilities as well as a zero-day flaw under active exploit. Chrome Zero-Day Under Exploit Researcher Clement Lecigne of Google’s Threat Analysis Group discovered a zero-day bug in the Chrome browser under active exploit. The vulnerability, CVE-2020-6418, was a type confusion flaw in V8 – a Chrome component that processes JavaScript code. Google labeled it a high-severity flaw in their advisory, what makes it serious is its exploitation in the wild. Though, Google hasn’t shared details about how the attackers are exploiting the bug. Yet, they confirm the zero-day is under attack. Other than this zero-day, Google also revealed two other bugs in the Chrome browser. These include two high-severity bugs for which, Google hasn’t hinted of any active exploitation. One of these caught the attention of Google Project Zero’s Sergei Glazunov. Google described it as an Out of bounds memory access in streams (CVE-2020-6407). The other vulnerability caught Google’s attention after researcher AndrĂ© Bargull reported it. This vulnerability, an integer overflow in the ICU component, the researcher was awarded a $5000 bounty. Google Released Patches Recently, Google has patched all the three flaws and released fixes with the latest Chrome version 80.0.3987.122. As the tech giant rolls out the updates, users must ensure their devices are updated to avoid any issues. This is particularly important considering the active exploitation of the zero-day. The present zero-day marks the third major vulnerability that caught the hackers’ attention before a fix. The first of these (CVE-2019-5786) surfaced online in March 2019. The attackers exploited this use after free flaw to target Windows 7. Whereas, the second vulnerability, another use after free flaw (CVE-2019-13720), appeared online in November 2019.
Friday, March 13, 2020
Load disqus comments
Subscribe to:
Post Comments (Atom)
Select Category
Popular Posts
-
macOS is a brand of proprietary graphical operating Systems developed by Apple and marketed as the primary OS in Mac computers. Its l...
-
The Dynamic Dependent Select Box is mostly used for the Nation-State-City dropdown in various web applications. In this article, we are go...
-
Hi dev, In this tutorial, i would like to guide you step by step paypal integration with laravel 6 application. we can easily integrat...
Blog Archive
- March 2020 (2)
- December 2019 (4)
- November 2019 (40)
0 comments