Google Patches Chrome Browser Zero-Day Bug, Under Attack

by martyb from SoylentNews on (#4ZWJZ)

Arthur T Knackerbracket has found the following story:

Google said Monday it has patched a Chrome web browser zero-day bug being actively exploited in the wild. The flaw affects versions of Chrome running on the Windows, macOS and Linux platforms.

The zero-day vulnerability, tracked as CVE-2020-6418, is a type of confusion bug and has a severity rating of high. Google said the flaw impacts versions of Chrome released before version 80.0.3987.122. The bug is tied to Chrome's open-source JavaScript and WebAssembly engine, called V8.

Technical details of CVE-2020-6418 are being withheld pending patch deployment to a majority of affected versions of the Chrome browser, according to Google. Generally speaking, memory corruption vulnerabilities occur when memory is altered without explicit data assignments triggering programming errors, which enable an adversary to execute arbitrary code on targeted devices.

[...] Credited for finding the bug is Google's Threat Analysis Group and researcher Clément Lecigne.

Google is also warning users of two additional high-severity vulnerabilities. One, tracked as CVE-2020-6407, is an "out of bounds memory access in streams" bug. The other bug, which does not have a CVE assignment, is a flaw tied to an integer overflow in ICU, a flaw commonly associated with triggering a denial of service and possibly to code execution.

Mitigation includes Windows, Linux, and macOS users downloading and installing the latest version of Chrome.

-- submitted from IRC
