Security News > 2020 > August > Google Fixes High-Severity Chrome Browser Code Execution Bug
The Google Chrome web browser has a high-severity vulnerability that could be used to execute arbitrary code, researchers say.
The flaw has been fixed in the Chrome 85 stable channel, set to be rolled out to users this week.
The flaw is a use-after-free vulnerability in the WebGL component of Chrome browser.
"An adversary could manipulate the memory layout of the browser in a way that they could gain control of the use-after-free exploit, which could ultimately lead to arbitrary code execution," according to Jon Munshaw with Cisco Talos in a Monday analysis.
Researchers said this vulnerability specifically exists in ANGLE, a compatibility layer between OpenGL and Direct3D used on Windows by Chrome browser and other project.
News URL
https://threatpost.com/google-fixes-high-severity-chrome-browser-code-execution-bug/158600/
Related news
- Google to kill Chrome Sync on older Chrome browser versions (source)
- New details reveal how hackers hijacked 35 Google Chrome extensions (source)
- Google Chrome is making it easier to share specific parts of long PDFs (source)
- Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking (source)
- Google Chrome's AI-powered security feature rolls out to everyone (source)
- Google Chrome disables uBlock Origin for some in Manifest v3 rollout (source)