Security News > 2020 > September > Google Chrome Bugs Open Browsers to Attack
Google has stomped out several serious code-execution flaws in its Chrome browser.
The high-severity flaws include an out-of-bounds read error in storage in Google Chrome.
These include two bugs stemming from extensions in Google Chrome , which could allow an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
Finally, Google fixed an out-of-bounds write flaw in V8, an open-source JavaScript engine developed by The Chromium Project for Google Chrome and Chromium web browsers.
Last month, Google fixed various severe vulnerabilities in its web browsers, including a bug in Google's Chromium-based browsers that could allow attackers to bypass the Content Security Policy on websites, in order to steal data and execute rogue code.
News URL
https://threatpost.com/google-chrome-attack/159466/
Related news
- Google Chrome uses AI to analyze pages in new scam detection feature (source)
- New details reveal how hackers hijacked 35 Google Chrome extensions (source)
- Google Chrome is making it easier to share specific parts of long PDFs (source)
- Google to kill Chrome Sync on older Chrome browser versions (source)
- Ongoing phishing attack abuses Google Calendar to bypass spam filters (source)
- Google says new scam protection feature in Chrome uses AI (source)
- Malicious Browser Extensions are the Next Frontier for Identity Attacks (source)
- Supply chain attack hits Chrome extensions, could expose millions (source)
- Google takes action after coder reports 'most sophisticated attack I've ever seen' (source)
- New Apple CPU side-channel attacks steal data from browsers (source)