Skip to main content

Chrome patches another serious zero-day vulnerability

Google Chrome
(Image credit: Shutterstock)

Google has revealed it has patched three security bugs including a zero-day vulnerability which was being actively exploited. This is the third such zero-day flaw that Google has needed to fix in under a year.

The latest patch of Chrome update version 80.0.3987.122 which has the fix for these bugs is now available for all Windows, Mac, and Linux users. However the Chrome app on Chrome OS, iOS, and Android has not been patched yet.

The flaw is linked to Chrome’s open-source JavaScript and Web Assembly system called V8 and is a type of a confusion bug tracked as CVE-2020-6418.

Chrome zero-day

Type Confusion occurs when a user is able to trick the program into saving data for one purpose whilst it is actually being used for a different purpose later on. This leads to logical errors and in turn can allow attackers an unrestricted access to run codes on affected systems.

The bug was discovered by Clement Lecigne, a member of Google’s Threat Analysis Group, on February 18.

The company wrote in a blog post that, “Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed.”

This suggests that the company, which has been very vocal about such bugs in the past, is waiting for users to download the patch before it gives out too much information. However this may otherwise turn out to be an open invitation for attackers to take advantage of the exploit.

The first such Zero-day vulnerability was identified and patched in March 2019. It is advisable to update the web browser by downloading the offline installer or force an update from the settings menu from the browser itself.

Via: ZDNet