Security News > 2020 > July > Cisco Discloses Details of Chrome, Firefox Vulnerabilities
Cisco's Talos threat intelligence and research group this week disclosed the details of recently patched vulnerabilities affecting the Chrome and Firefox web browsers.
The Chrome flaw, tracked as CVE-2020-6463 and classified as high severity with a CVSS score of 8.8, was patched by Google in April with the release of Chrome 81.0.4044.122.
The vulnerability, described as a memory corruption issue, impacts PDFium, the open source PDF renderer used by Chrome and other applications.
"PDFium supports execution of Javascript scripts embedded inside PDF documents. As Chrome itself, PDFium uses V8 as its Javascript engine. This vulnerability lies in a way V8 in a specific configuration processes regular expressions," Talos explained.
As for the Firefox vulnerability, Talos disclosed the details of CVE-2020-12418, a high-severity issue related to the URL mPath functionality, which can be exploited to obtain information that could allow the attacker to bypass ASLR and execute arbitrary code.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-09 | CVE-2020-12418 | Out-of-bounds Read vulnerability in multiple products Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. | 6.5 |
| 2020-05-21 | CVE-2020-6463 | Use After Free vulnerability in multiple products Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |