Security News > 2020 > September > Google Chrome Bugs Open Browsers to Attack
Google has stomped out several serious code-execution flaws in its Chrome browser.
The high-severity flaws include an out-of-bounds read error in storage in Google Chrome.
These include two bugs stemming from extensions in Google Chrome , which could allow an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
Finally, Google fixed an out-of-bounds write flaw in V8, an open-source JavaScript engine developed by The Chromium Project for Google Chrome and Chromium web browsers.
Last month, Google fixed various severe vulnerabilities in its web browsers, including a bug in Google's Chromium-based browsers that could allow attackers to bypass the Content Security Policy on websites, in order to steal data and execute rogue code.
News URL
https://threatpost.com/google-chrome-attack/159466/
Related news
- Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day (source)
- How to enable Safe Browsing in Google Chrome on Android (source)
- Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices (source)
- New tool bypasses Google Chrome’s new cookie encryption system (source)
- Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks (source)
- Firefox Zero-Day Under Attack: Update Your Browser Immediately (source)
- Google to let businesses create curated Chrome Web Stores for extensions (source)
- Samsung phone users under attack, Google warns (source)
- Google fixes two Android zero-days used in targeted attacks (source)
- Google says “Enhanced protection” feature in Chrome now uses AI (source)