Home CioAxis Google Issues Patches for zero-day Chrome Bug

Google Issues Patches for zero-day Chrome Bug

by CIO AXIS

Google has released a Chrome update to address three security bugs, including a zero-day vulnerability that is being actively exploited in the wild.

Commenting on this Satnam Narang, Senior Research Engineer at Tenable said, “Google is aware of reports that a type confusion vulnerability in Google Chrome’s open source JavaScript and WebAssembly engine, V8, has been exploited in the wild.

“At this stage, details about the vulnerability (CVE-2020-6418) are minimal. However, researchers have published a proof-of-concept exploit for the flaw. Typically, we see these types of vulnerabilities paired with a sandbox escape flaw, which can be used to gain arbitrary code execution. For instance, a type confusion vulnerability in Mozilla Firefox was exploited along with a sandbox escape vulnerability in June 2019 as part of targeted attacks. However, no further information about the possibility of a second vulnerability associated with this attack are currently available.

“To mitigate this, be sure to identify vulnerable assets and apply the latest patch for Google Chrome in a timely fashion.”

Recommended for You

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Close Read More

See Ads