Security News > 2020 > August > Google Fixes High-Severity Chrome Browser Code Execution Bug
The Google Chrome web browser has a high-severity vulnerability that could be used to execute arbitrary code, researchers say.
The flaw has been fixed in the Chrome 85 stable channel, set to be rolled out to users this week.
The flaw is a use-after-free vulnerability in the WebGL component of Chrome browser.
"An adversary could manipulate the memory layout of the browser in a way that they could gain control of the use-after-free exploit, which could ultimately lead to arbitrary code execution," according to Jon Munshaw with Cisco Talos in a Monday analysis.
Researchers said this vulnerability specifically exists in ANGLE, a compatibility layer between OpenGL and Direct3D used on Windows by Chrome browser and other project.
News URL
https://threatpost.com/google-fixes-high-severity-chrome-browser-code-execution-bug/158600/
Related news
- Google Chrome will let you send money to your favourite website (source)
- Malware force-installs Chrome extensions on 300,000 browsers, patches DLLs (source)
- Week in review: MS Office flaw may leak NTLM hashes, malicious Chrome, Edge browser extensions (source)
- Google fixes ninth Chrome zero-day exploited in attacks this year (source)
- Google fixes ninth Chrome zero-day tagged as exploited this year (source)
- Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild (source)
- Qilin ransomware now steals credentials from Chrome browsers (source)
- Google tags a tenth Chrome zero-day as exploited this year (source)
- Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation (source)
- Google increases Chrome bug bounty rewards up to $250,000 (source)