Security News > 2020 > August > Google Fixes High-Severity Chrome Browser Code Execution Bug
The Google Chrome web browser has a high-severity vulnerability that could be used to execute arbitrary code, researchers say.
The flaw has been fixed in the Chrome 85 stable channel, set to be rolled out to users this week.
The flaw is a use-after-free vulnerability in the WebGL component of Chrome browser.
"An adversary could manipulate the memory layout of the browser in a way that they could gain control of the use-after-free exploit, which could ultimately lead to arbitrary code execution," according to Jon Munshaw with Cisco Talos in a Monday analysis.
Researchers said this vulnerability specifically exists in ANGLE, a compatibility layer between OpenGL and Direct3D used on Windows by Chrome browser and other project.
News URL
https://threatpost.com/google-fixes-high-severity-chrome-browser-code-execution-bug/158600/
Related news
- Google to let businesses create curated Chrome Web Stores for extensions (source)
- Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day (source)
- How to enable Safe Browsing in Google Chrome on Android (source)
- Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices (source)
- New tool bypasses Google Chrome’s new cookie encryption system (source)
- Google says “Enhanced protection” feature in Chrome now uses AI (source)