Security News > 2020 > February > Install Latest Chrome Update to Patch 0-Day Bug Under Active Attacks
Google yesterday released a new critical software update for its Chrome web browser for desktops that will be rolled out to Windows, Mac, and Linux users over the next few days.
The latest Chrome 80.0.3987.122 includes security fixes for three new vulnerabilities, all of which have been marked 'HIGH' in severity, including one that has been reportedly exploited in the wild.
The Integer Overflow vulnerability was disclosed by André Bargull privately to Google last month, earning him $5,000 in rewards, while the other two vulnerabilities - CVE-2020-6407 and CVE-2020-6418 - were identified by experts from the Google security team.
The search giant has not disclosed further details of the vulnerabilities so that it gives affected users enough time to install the Chrome update and prevent hackers from exploiting them.
It's recommended that Windows, Linux, and macOS users download and install the latest version of Chrome by heading to Help > "About Chrome" from the settings menu.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/bQvYFWMwops/google-chrome-zero-day.html
Related news
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- Malicious Chrome extensions can spoof password managers in new attack (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- Week in review: Chrome sandbox escape 0-day fixed, Microsoft adds new AI agents to Security Copilot (source)
- ⚡ Weekly Recap: Chrome 0-Day, IngressNightmare, Solar Bugs, DNS Tactics, and More (source)
- Chrome to patch decades-old flaw that let sites peek at your history (source)
- Old Fortinet flaws under attack with new method its patch didn't prevent (source)
- Cookie-Bite attack PoC uses Chrome extension to steal session tokens (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-27 | CVE-2020-6407 | Out-of-bounds Write vulnerability in Google Chrome Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2020-02-27 | CVE-2020-6418 | Type Confusion vulnerability in multiple products Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |