Google fixes Chrome zero-day flaw exploited in the wild

Google has released Chrome 80 update that addresses three high-severity vulnerabilities, one of them has been exploited in the wild.

Google has released Chrome 80 update (version 80.0.3987.122) that addresses three high-severity vulnerabilities, including a zero-day issue (CVE-2020-6418) that has been exploited in the wild. The CVE-2020-6418 vulnerability is a type confusion issue that affects the V8 open source JavaScript engine used by the Chrome browser.

Google did not disclose details of the attack exploiting this zero-day flaw to avoid other threat actors will start to exploit it. The vulnerability was discovered by Clement Lecigne from the Google Threat Analysis Group.

The remaining flaws fixed by Google are an integer overflow in ICU and an out-of-bounds memory access issue in the streams component.

The integer overflow was reported by the security expert André Bargull, who was awarded $5,000 for its discovery.

The out-of-bounds vulnerability addressed with the release of Chrome 80 update (version 80.0.3987.122) was discovered by Sergei Glazunov of Google Project Zero.

This is the third Chrome zero-day that has been exploited by threat actors in the wild in the past year.

In February 2019, Clement Lecigne discovered a high severity zero-day flaw in Chrome that could be exploited by a remote attacker to execute arbitrary code and take full control of the target computer.

The vulnerability tracked as CVE-2019-5786 resides in the web browsing software and impact all major operating systems including Windows, Apple macOS, and Linux.

In November 2019, Google released security updates to address two high severity vulnerabilities in the Chrome browser, one of which is a zero-day flaw actively exploited in attacks in the wild to hijack computers.

One of the flaw, tracked as CVE-2019-13720, was exploited in a campaign that experts attribute to Korea-linked threat actors.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Google Chrome)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.