Google Patches High-Risk Chrome Flaws, Halts Upcoming Releases
Google this week rolled out an update to address multiple high-severity vulnerabilities in Chrome and also announced that it is pausing upcoming releases of the browser.
The pause, the Internet giant says, was caused by an adjusted work schedule due to the current COVID-19 epidemic, and affects both Chrome and Chrome OS releases.
The latest Chrome update contains a total of 13 security fixes, nine of them for vulnerabilities discovered by external security researchers.
Another Google Project Zero researcher, Natalie Silvanovich, found an out-of-bounds read bug in usrsctplib, which is tracked as CVE-2019-20503.
The last vulnerability has been described by Google as an inappropriate implementation in V8. The security hole is tracked as CVE-2020-6426 and it was reported by Avihay Cohen of SeraphicAlgorithms.
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-23 | CVE-2020-6426 | Out-of-bounds Write vulnerability in multiple products. Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 6.5 |
| 2020-03-06 | CVE-2019-20503 | Out-of-bounds Read vulnerability in multiple products. usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init. | 6.5 |