Security News > 2020 > September > Google Chrome Bugs Open Browsers to Attack
Google has stomped out several serious code-execution flaws in its Chrome browser.
The high-severity flaws include an out-of-bounds read error in storage in Google Chrome.
These include two bugs stemming from extensions in Google Chrome , which could allow an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
Finally, Google fixed an out-of-bounds write flaw in V8, an open-source JavaScript engine developed by The Chromium Project for Google Chrome and Chromium web browsers.
Last month, Google fixed various severe vulnerabilities in its web browsers, including a bug in Google's Chromium-based browsers that could allow attackers to bypass the Content Security Policy on websites, in order to steal data and execute rogue code.
News URL
https://threatpost.com/google-chrome-attack/159466/
Related news
- Google to kill Chrome Sync on older Chrome browser versions (source)
- Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking (source)
- Google Chrome's AI-powered security feature rolls out to everyone (source)
- Google Chrome disables uBlock Origin for some in Manifest v3 rollout (source)
- Malicious Browser Extensions are the Next Frontier for Identity Attacks (source)
- Supply chain attack hits Chrome extensions, could expose millions (source)
- Google takes action after coder reports 'most sophisticated attack I've ever seen' (source)
- New Apple CPU side-channel attacks steal data from browsers (source)
- New Syncjacking attack hijacks devices using Chrome extensions (source)
- Google says hackers abuse Gemini AI to empower their attacks (source)