Security News > 2020 > February > Google Patches Chrome Browser Zero-Day Bug, Under Attack
Google said Monday it has patched a Chrome web browser zero-day bug being actively exploited in the wild.
Google said the flaw impacts versions of Chrome released before version 80.0.3987.122.
The bug is tied to Chrome's open-source JavaScript and Web Assembly engine, called V8. Technical details of CVE-2020-6418 are being withheld pending patch deployment to a majority of affected versions of the Chrome browser, according to Google.
In the context web browser engines, a similar memory corruption bug exploited by adversaries earlier this month, enticed victims to visit a specially-crafted web site booby-trapped with and an exploit that took advantage of a browser memory corruption flaw to execute code remotely.
Credited for finding the bug is Google's Threat Analysis Group and researcher Clément Lecigne.
News URL
https://threatpost.com/google-patches-chrome-browser-zero-day-bug-under-attack/153216/
Related news
- Firefox Zero-Day Under Attack: Update Your Browser Immediately (source)
- Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day (source)
- Google fixes two Android zero-days used in targeted attacks (source)
- Rackspace monitoring data stolen in ScienceLogic zero-day attack (source)
- Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks (source)
- Qualcomm patches high-severity zero-day exploited in attacks (source)
- Ivanti warns of three more CSA zero-days exploited in attacks (source)
- Mozilla fixes Firefox zero-day actively exploited in attacks (source)
- Google: 70% of exploited flaws disclosed in 2023 were zero-days (source)
- CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-27 | CVE-2020-6418 | Type Confusion vulnerability in multiple products Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |