Security News > 2020 > September > Google Chrome Bugs Open Browsers to Attack
Google has stomped out several serious code-execution flaws in its Chrome browser.
The high-severity flaws include an out-of-bounds read error in storage in Google Chrome.
These include two bugs stemming from extensions in Google Chrome , which could allow an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
Finally, Google fixed an out-of-bounds write flaw in V8, an open-source JavaScript engine developed by The Chromium Project for Google Chrome and Chromium web browsers.
Last month, Google fixed various severe vulnerabilities in its web browsers, including a bug in Google's Chromium-based browsers that could allow attackers to bypass the Content Security Policy on websites, in order to steal data and execute rogue code.
News URL
https://threatpost.com/google-chrome-attack/159466/
Related news
- Google fixes ninth Chrome zero-day exploited in attacks this year (source)
- Google Chrome gets a mind of its own for some security fixes (source)
- Google Chrome Switches to ML-KEM for Post-Quantum Cryptography Defense (source)
- New Google Chrome feature will translate complex pages in real time (source)
- New Octo Android malware version impersonates NordVPN, Google Chrome (source)
- Google raps Iran's APT42 for raining down spear-phishing attacks (source)
- Google to Remove App that Made Google Pixel Devices Vulnerable to Attacks (source)
- Week in review: MS Office flaw may leak NTLM hashes, malicious Chrome, Edge browser extensions (source)
- Google fixes ninth Chrome zero-day tagged as exploited this year (source)
- Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild (source)