Security News > 2020 > February > Google Patches Chrome Browser Zero-Day Bug, Under Attack
Google said Monday it has patched a Chrome web browser zero-day bug being actively exploited in the wild.
Google said the flaw impacts versions of Chrome released before version 80.0.3987.122.
The bug is tied to Chrome's open-source JavaScript and Web Assembly engine, called V8. Technical details of CVE-2020-6418 are being withheld pending patch deployment to a majority of affected versions of the Chrome browser, according to Google.
In the context web browser engines, a similar memory corruption bug exploited by adversaries earlier this month, enticed victims to visit a specially-crafted web site booby-trapped with and an exploit that took advantage of a browser memory corruption flaw to execute code remotely.
Credited for finding the bug is Google's Threat Analysis Group and researcher Clément Lecigne.
News URL
https://threatpost.com/google-patches-chrome-browser-zero-day-bug-under-attack/153216/
Related news
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- Google fixes Chrome zero-day exploited in espionage campaign (source)
- Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) (source)
- Google fixes Android zero-days exploited in attacks, 60 other flaws (source)
- Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200) (source)
- PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks (source)
- Critical PostgreSQL bug tied to zero-day attack on US Treasury (source)
- Google Chrome's AI-powered security feature rolls out to everyone (source)
- Microsoft fixes Power Pages zero-day bug exploited in attacks (source)
- Google Chrome disables uBlock Origin for some in Manifest v3 rollout (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-27 | CVE-2020-6418 | Type Confusion vulnerability in multiple products Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |