Security News > 2020 > February > Google Patches Chrome Browser Zero-Day Bug, Under Attack
Google said Monday it has patched a Chrome web browser zero-day bug being actively exploited in the wild.
Google said the flaw impacts versions of Chrome released before version 80.0.3987.122.
The bug is tied to Chrome's open-source JavaScript and Web Assembly engine, called V8. Technical details of CVE-2020-6418 are being withheld pending patch deployment to a majority of affected versions of the Chrome browser, according to Google.
In the context web browser engines, a similar memory corruption bug exploited by adversaries earlier this month, enticed victims to visit a specially-crafted web site booby-trapped with and an exploit that took advantage of a browser memory corruption flaw to execute code remotely.
Credited for finding the bug is Google's Threat Analysis Group and researcher Clément Lecigne.
News URL
https://threatpost.com/google-patches-chrome-browser-zero-day-bug-under-attack/153216/
Related news
- Google fixes ninth Chrome zero-day exploited in attacks this year (source)
- Google fixes ninth Chrome zero-day tagged as exploited this year (source)
- Week in review: PostgreSQL databases under attack, new Chrome zero-day actively exploited (source)
- Google tags a tenth Chrome zero-day as exploited this year (source)
- Microsoft fixes 6 zero-days under active attack (source)
- Google raps Iran's APT42 for raining down spear-phishing attacks (source)
- Google to Remove App that Made Google Pixel Devices Vulnerable to Attacks (source)
- Week in review: MS Office flaw may leak NTLM hashes, malicious Chrome, Edge browser extensions (source)
- Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild (source)
- New Chrome zero-day actively exploited, patch quickly! (CVE-2024-7971) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-27 | CVE-2020-6418 | Type Confusion vulnerability in multiple products Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |