Google Chrome Zero-Day Vulnerability Under Attack

Chrome Under Active Attack

Google has patched a Chrome web browser zero-day bug being actively exploited in the wild. The vulnerability affects installations of Chrome running on Windows, Linux, and macOS.

The zero-day vulnerability, tracked as CVE-2020-6418, has been described as a type confusion issue affecting V8, the open source JavaScript engine used by the browser. Google has credited Clement Lecigne of its Threat Analysis Group for reporting the vulnerability. Lecigne has discovered various vulnerabilities in Chrome, as well as Internet Explorer, within the past year.

Government Says Update Chrome

The Cybersecurity and Infrastructure Security Agency (CISA) also posted a bulletin encouraging users and administrators to review the Chrome Release and “apply the necessary updates.”

According to Google, technical details of the vulnerability are being withheld until the patch has been deployed to a majority of affected versions of the browser. Memory corruption vulnerabilities typically occur when memory is altered without explicit data assignments, triggering function errors that can in turn enable an attacker to execute arbitrary code on targeted devices.

Google Warns of More Vulnerabilities

Google has also warned users of two additional high-severity vulnerabilities. The first (CVE-2020-6407) is an out-of-bounds memory access flaw in streams, and the other (CVE unassigned) is an integer overflow in ICU, a class of flaw commonly associated with denial of service and possibly code execution.

This is actually the third Chrome zero-day to have been exploited in the wild just this past year. Google patched the first Chrome zero-day in March of 2019 (CVE-2019-5786) and then a second in November of 2019 (CVE-2019-13720).

Patches for this zero-day have been released as part of Chrome version 80.0.3987.122.
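A version check against the fixed build named above, as an added example (not code from Google or Syxsense). The host names and inventory lines are constructed, and the `Google Chrome <version>` string format is an assumption based on what the browser's `--version` flag prints on Linux.

```python
import re

# Fixed build named in the article; builds below it predate the patch.
FIXED = (80, 0, 3987, 122)

# Four dot-separated numeric fields, e.g. "Google Chrome 80.0.3987.116".
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the version as a tuple of ints, or None if none is present."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def needs_update(text, fixed=FIXED):
    """True if below the fixed build, False if patched, None if unparseable."""
    version = parse_version(text)
    if version is None:
        return None
    # Tuple comparison is numeric per field; comparing the raw strings would
    # wrongly rank "80.0.3987.99" above "80.0.3987.122".
    return version < fixed


def triage(inventory):
    """Split {host: version string} into vulnerable, patched, unknown hosts."""
    report = {"vulnerable": [], "patched": [], "unknown": []}
    for host, text in sorted(inventory.items()):
        status = needs_update(text)
        key = "unknown" if status is None else "vulnerable" if status else "patched"
        report[key].append(host)
    return report


# Constructed sample inventory (host names and versions are illustrative).
SAMPLE_INVENTORY = {
    "ws-01": "Google Chrome 80.0.3987.122",
    "ws-02": "Google Chrome 80.0.3987.116",
    "ws-03": "Google Chrome 80.0.3987.99",
    "ws-04": "Google Chrome 79.0.3945.130",
    "ws-05": "Google Chrome 81.0.4044.92",
    "ws-06": "chrome: command not found",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as unknown should be treated as unverified rather than patched, since a missing or unreadable version string says nothing about the installed build.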

How to Manage Chrome Vulnerabilities

Leveraging a simple and powerful solution with an up-to-date library of third-party products could easily alleviate the issue across organizations. Syxsense provides Chrome updates same-day and allows for an exceptionally smooth process with a Patch Deploy task.

Simply target all devices for the newest update and the pre-packaged detection will determine if devices do/do not require the update. If they require it, the update will be automatically applied and the vulnerability remediated.