Google patches Chrome Zero-day Bug


The new Chrome updates has been released by Google that addresses three security bugs, including a zero-day vulnerability which is being actively exploited in the wild.

The attacks were discovered on February 18, by Clement Lecigne, a member of Google’s Threat Analysis Group, which is a division at Google for investigating and tracking threat actor groups.

However, any details about the attacks are not made public and is currently unknown how this bug is being used against Chrome users.

Patches for the zero-day was released as part of Chrome version 80.0.3987.122. The update is available for Windows, Mac, and Linux users, and is currently not available for Chrome OS, iOS, and Android.

The zero-day which has been dubbed as CVE-2020-6418, is described only as a “type confusion in V8.” V8 is Chrome’s component responsible for processing JavaScript code.

A type confusion refers to coding bugs during which an app initializes data execution operations using input of a specific “type” but is tricked into treating the input as a different “type.”

The “type confusion” leads to logical errors in the app’s memory and can lead to situations where an attacker can run unrestricted malicious code inside an application.

This is the third Chrome zero-day which had been exploited in the wild in the past year.

All the users are advised to update to the latest version of Chrome at the earliest.

Chrome v80.0.3987.122 also has two additional security updates which were not exploited in the wild.

Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News

    Mobile Banking App Security and Vulnerability Testing

    Previous article

    Australian banks targeted by DDoS extortionists

    Next article

    You may also like

    More in Info


    Leave a reply

    Your email address will not be published. Required fields are marked *