| Title | Google Patches Chrome Browser Zero-Day Bug, Under Attack | |
| Date | Wednesday February 26 2020, @05:18AM | |
| Author | martyb | |
| Topic | ||
| from the get-those-downloads-going dept. | ||
Google said Monday it has patched a Chrome web browser zero-day bug being actively exploited in the wild. The flaw affects versions of Chrome running on the Windows, macOS and Linux platforms.
The zero-day vulnerability, tracked as CVE-2020-6418, is a type of confusion bug and has a severity rating of high. Google said the flaw impacts versions of Chrome released before version 80.0.3987.122. The bug is tied to Chrome's open-source JavaScript and Web Assembly engine, called V8.
Technical details of CVE-2020-6418 are being withheld pending patch deployment to a majority of affected versions of the Chrome browser, according to Google. Generally speaking, memory corruption vulnerabilities occur when memory is altered without explicit data assignments triggering programming errors, which enable an adversary to execute arbitrary code on targeted devices.
[...] Credited for finding the bug is Google's Threat Analysis Group and researcher Clément Lecigne.
Google is also warning users of two additional high-severity vulnerabilities. One, tracked as CVE-2020-6407, is an "out of bounds memory access in streams" bug. The other bug, which does not have a CVE assignment, is a flaw tied to an integer overflow in ICU, a flaw commonly associated with triggering a denial of service and possibly to code execution.
Mitigation includes Windows, Linux, and macOS users download and install the latest version of Chrome.
-- submitted from IRC
| Links |
printed from SoylentNews, Google Patches Chrome Browser Zero-Day Bug, Under Attack on 2024-04-24 02:00:36