Security News > 2020 > September > Google Chrome Bugs Open Browsers to Attack
Google has stomped out several serious code-execution flaws in its Chrome browser.
The high-severity flaws include an out-of-bounds read error in storage in Google Chrome.
These include two bugs stemming from extensions in Google Chrome , which could allow an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
Finally, Google fixed an out-of-bounds write flaw in V8, an open-source JavaScript engine developed by The Chromium Project for Google Chrome and Chromium web browsers.
Last month, Google fixed various severe vulnerabilities in its web browsers, including a bug in Google's Chromium-based browsers that could allow attackers to bypass the Content Security Policy on websites, in order to steal data and execute rogue code.
News URL
https://threatpost.com/google-chrome-attack/159466/
Related news
- Google Chrome's AI-powered security feature rolls out to everyone (source)
- Google Chrome disables uBlock Origin for some in Manifest v3 rollout (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- Google Cuts Off uBlock Origin on Chrome as Firefox Stands Firm on Ad Blockers (source)
- Malicious Chrome extensions can spoof password managers in new attack (source)
- Researchers Expose New Polymorphic Attack That Clones Browser Extensions to Steal Credentials (source)
- Google acquisition target Wiz links fresh supply chain attack to 23K pwned GitHub repos (source)
- Browser-in-the-Browser attacks target CS2 players' Steam accounts (source)
- Google fixes Chrome zero-day exploited in espionage campaign (source)
- Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) (source)