Mystery zero-day in Chrome – update now!

2020-02-25 20:55

Google has issued an update for its widespread Chrome browser to fix three security holes.

Google, which is often vociferous about bugs and how they work, especially those found by its own Project Zero and Threat Analysis teams, is playing its cards close to its chest in this case.

In regular use Chrome runs with its protective sandbox enabled, so even if this proof-of-concept exploit were to trigger the bug, it couldn't then grab control from the browser to run malware code of an attacker's choosing.

You just used type confusion to bypass the security checks that should have been applied to the memory pointer.

What's V8? V8, in case you are wondering, is the JavaScript "Engine" that is built into the Chrome browser.

News URL

https://nakedsecurity.sophos.com/2020/02/25/mystery-zero-day-in-chrome-update-now/

#chrome #zeroday

News URL

Related news