Security News > 2020 > February > Google Patches Chrome Browser Zero-Day Bug, Under Attack
Google said Monday it has patched a Chrome web browser zero-day bug being actively exploited in the wild.
Google said the flaw impacts versions of Chrome released before version 80.0.3987.122.
The bug is tied to Chrome's open-source JavaScript and Web Assembly engine, called V8. Technical details of CVE-2020-6418 are being withheld pending patch deployment to a majority of affected versions of the Chrome browser, according to Google.
In the context web browser engines, a similar memory corruption bug exploited by adversaries earlier this month, enticed victims to visit a specially-crafted web site booby-trapped with and an exploit that took advantage of a browser memory corruption flaw to execute code remotely.
Credited for finding the bug is Google's Threat Analysis Group and researcher Clément Lecigne.
News URL
https://threatpost.com/google-patches-chrome-browser-zero-day-bug-under-attack/153216/
Related news
- Google to kill Chrome Sync on older Chrome browser versions (source)
- Google fixes Android kernel zero-day exploited in attacks (source)
- Google Chrome is making it easier to share specific parts of long PDFs (source)
- Malicious Browser Extensions are the Next Frontier for Identity Attacks (source)
- Ivanti warns of new Connect Secure flaw used in zero-day attacks (source)
- Ivanti zero-day attacks infected devices with custom malware (source)
- Fortinet Warns of New Zero-Day Used in Attacks on Firewalls with Exposed Interfaces (source)
- Supply chain attack hits Chrome extensions, could expose millions (source)
- SonicWall SMA appliances exploited in zero-day attacks (CVE-2025-23006) (source)
- SonicWall warns of SMA1000 RCE flaw exploited in zero-day attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-27 | CVE-2020-6418 | Type Confusion vulnerability in multiple products Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |