Skip to main content
Patch Management

Google Chrome Zero-Day Vulnerability Under Attack

By February 26, 2020June 22nd, 2022No Comments
||

Google Chrome Zero-Day Vulnerability Under Attack

Google has patched a Chrome browser zero-day bug being actively exploited in the wild. The vulnerability affects installations of Chrome running on Windows, Linux, and macOS.

[vc_empty_space]
[vc_single_image image=”37070″ img_size=”full”]

Chrome Under Active Attack

Google has patched a Chrome web browser zero-day bug being actively exploited in the wild. The vulnerability affects installations of Chrome running on Windows, Linux, and macOS.

The zero-day vulnerability, tracked as CVE-2020-6418, has been described as a type confusion issue affecting the V8 open source JavaScript engine used by the browser. Google has credited Clement Lecigne of its Threat Analysis Group for reporting the vulnerability. Lecigne has discovered various vulnerabilities within the past year within Chrome, as well as Internet Explorer.

Government Says Update Chrome

The Cybersecurity and Infrastructure Security Agency (CISA) also posted a bulletin encouraging users and administrators to review the Chrome Release and “apply the necessary updates.”

Technical details of the vulnerability are being withheld pending patch deployment to a majority of affected versions of the browser, according to Google. Memory corruption vulnerabilities typically occur when memory is altered without explicit data assignments triggering function errors, which in turn enable an attacker to execute arbitrary code on targeted devices.

Google Warns of More Vulnerabilities

Google has also warned users of two additional high-severity vulnerabilities. The first (CVE-2020-6407) is an out-of-bounds memory access in streams flaw and the other (CVE unassigned) is a flaw tied to an integer overflow in ICU, a flaw commonly associated with triggering a denial of service and possibly to code execution.

This is actually the third Chrome zero-day to have been exploited in the wild just this past year. Google patched the first Chrome zero-day in March of 2019 (CVE-2019-5786) and then a second in November of 2019 (CVE-2019-13720).

Patches for this zero-day have been released part of Chrome version 80.0.3987.122.

How to Manage Chrome Vulnerabilities

Leveraging a simple and powerful solution with an up-to-date library of third-party products could easily alleviate the issue across organizations. Syxsense provides Chrome updates same-day and allows for an exceptionally smooth process with a Patch Deploy task.

Simply target all devices for the newest update and the pre-packaged detection will determine if devices do/do not require the update. If they require it, the update will be automatically applied and the vulnerability remediated.

[vc_separator css=”.vc_custom_1552427883977{padding-top: 20px !important;padding-bottom: 20px !important;}”]

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.

[vc_btn title=”Start a Free Trial” style=”gradient-custom” gradient_custom_color_1=”#da4453″ gradient_custom_color_2=”#8a2387″ shape=”round” size=”lg” align=”center” link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial|||” css=”.vc_custom_1572936982710{margin-top: 15px !important;}”][vc_separator css=”.vc_custom_1552427883977{padding-top: 20px !important;padding-bottom: 20px !important;}”]

Leave a Reply