Google Patch Serious Chrome Bugs Including A Zero-Day Under Active Exploit

Google have recently fixed numerous security bugs in their Chrome browser. These Chrome bugs include two serious vulnerabilities as well as a zero-day flaw under active exploit.

Chrome Zero-Day Under Exploit

Researcher Clement Lecigne of Google’s Threat Analysis Group discovered a zero-day bug in the Chrome browser under active exploit. The vulnerability, CVE-2020-6418, was a type confusion flaw in V8 – a Chrome component that processes JavaScript code.

Google labeled it a high-severity flaw in their advisory, what makes it serious is its exploitation in the wild. Though, Google hasn’t shared details about how the attackers are exploiting the bug. Yet, they confirm the zero-day is under attack.

Other than this zero-day, Google also revealed two other bugs in the Chrome browser. These include two high-severity bugs for which, Google hasn’t hinted of any active exploitation. One of these caught the attention of Google Project Zero’s Sergei Glazunov. Google described it as an Out of bounds memory access in streams (CVE-2020-6407).

The other vulnerability caught Google’s attention after researcher André Bargull reported it. This vulnerability, an integer overflow in the ICU component, the researcher was awarded a $5000 bounty.

Google Released Patches

Recently, Google has patched all the three flaws and released fixes with the latest Chrome version 80.0.3987.122. As the tech giant rolls out the updates, users must ensure their devices are updated to avoid any issues. This is particularly important considering the active exploitation of the zero-day.

The present zero-day marks the third major vulnerability that caught the hackers’ attention before a fix. The first of these (CVE-2019-5786) surfaced online in March 2019. The attackers exploited this use after free flaw to target Windows 7.

Whereas, the second vulnerability, another use after free flaw (CVE-2019-13720), appeared online in November 2019.

Let us know your thoughts in the comments.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients