Chrome Vulnerabilities

New Chrome Zero-Day Under Active Attack

Categories: News, Patch Management

Google has released Chrome 86.0.4240.111 to patch high-severity issues, including a zero-day vulnerability being exploited in the wild.

Google Chrome Zero-Day Vulnerability

Google has released Chrome 86.0.4240.111 today to patch high-severity issues, including a zero-day vulnerability that has been exploited in the wild. The vulnerability affects Chrome on Windows, Linux and macOS.

The vulnerability (CVE-2020-15999) is a heap buffer overflow, a type of memory-corruption flaw, in FreeType, the open-source font-rendering library bundled with Chrome.

According to researchers, the flaw lies in FreeType’s Load_SBit_Png function, which processes PNG images embedded in fonts. An attacker can exploit it to execute arbitrary code by supplying a specially crafted font with embedded PNG images.

Patching the Chrome Vulnerabilities

Google released Chrome 86.0.4240.111 on Chrome’s “stable” channel, which is available to all users. The company stated that “an exploit for CVE-2020-15999 exists in the wild,” but did not disclose details of the attacks.

Besides the FreeType zero-day vulnerability, Google also patched four other severe flaws in the latest Chrome update.

The following issues have been resolved:

  • CVE-2020-16000: Inappropriate implementation in Blink
  • CVE-2020-16001: Use after free in media
  • CVE-2020-15999: Heap buffer overflow in FreeType
  • CVE-2020-16003: Use after free in printing

Keep Your Organization Protected

Customers of Syxsense Manage and Syxsense Secure can find these updates within the console.

Syxsense allows you to manage and secure vulnerabilities exposed by open ports, disabled firewalls, ineffective user account policies, and security compliance violations from remote workers.

Detecting software vulnerabilities isn’t enough—traditional security scanners only do half the job by identifying and tracking possible vulnerabilities and exposure without eliminating the risk.

With security scanning and patch management in a single console, our vulnerability scanning feature not only shows you what’s wrong, but also deploys the solution. Gain visibility into OS and third-party vulnerabilities while increasing cyber resilience through automated patching and security scans.

Experience the Power of Syxsense

Start a trial of Syxsense, which helps organizations from 100 to 100,000 endpoints secure and manage their environment, all from just a web browser.

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.


Google Chrome 86 Brings Massive Security Fixes

Category: Patch Management

Google’s latest version of Chrome has been released with 35 security fixes, including a critical bug and a new password feature.

Google Releases Chrome 86 with Critical Fixes

Google has released the Stable channel version of Google Chrome 86. This release contains a large number of updates and bug fixes for security, features and APIs. It is supported on Windows, Android, Mac and Linux.

However, a critical flaw (CVE-2020-15967) in Chrome’s payments component has a CVSS score of 9.8, making this a zero-day vulnerability. Given this severity rating, Google recommends deploying this version as soon as possible.

The flaw is a use-after-free bug: a memory-corruption flaw in which a program accesses memory after it has been freed. The consequences range from crashing the program to potentially allowing arbitrary code execution.

Use-after-free bugs have been a frequent threat to the browser. Seven of the high-severity vulnerabilities fixed in Chrome 86 were use-after-free flaws, including ones affecting Chrome’s printing (CVE-2020-15971), audio (CVE-2020-15972), password manager (CVE-2020-15991) and WebRTC (CVE-2020-15969) components.

Keep Your Organization Protected

Customers of Syxsense Manage and Syxsense Secure can find these updates within the console.

Syxsense allows you to manage and secure vulnerabilities exposed by open ports, disabled firewalls, ineffective user account policies, and security compliance violations from remote workers.

Detecting software vulnerabilities isn’t enough—traditional security scanners only do half the job by identifying and tracking possible vulnerabilities and exposure without eliminating the risk.

With security scanning and patch management in a single console, our vulnerability scanning feature not only shows you what’s wrong, but also deploys the solution. Gain visibility into OS and third-party vulnerabilities while increasing cyber resilience through automated patching and security scans. Insights into the OS misconfigurations and compliance violations reduce your attack surface and increase peace of mind.

Experience the Power of Syxsense

Start a trial of Syxsense, which helps organizations from 100 to 100,000 endpoints secure and manage their environment, all from just a web browser.

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.


Google Chrome Fixes 8 Security Vulnerabilities

Category: Patch Management

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution.

New Chrome Vulnerabilities Discovered

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. These vulnerabilities can be exploited if a user visits or is redirected to a specially crafted web page.

The most severe of these vulnerabilities has been given a CVSS score of 9.8, which indicates the update should be installed as a priority; although it has not officially been given Out of Band status, we feel it should be treated as such.

Resolved Chrome Vulnerabilities

The vulnerabilities fixed are as follows:

  • CVE-2020-6537: Type Confusion in V8
  • CVE-2020-6538: Inappropriate implementation in WebView
  • CVE-2020-6532: Use after free in SCTP
  • CVE-2020-6539: Use after free in CSS
  • CVE-2020-6540: Heap buffer overflow in Skia
  • CVE-2020-6541: Use after free in WebUSB

The stable channel has been updated to 84.0.4147.105 for Windows, Mac, and Linux and is available for deployment in the Syxsense console.
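The fixed Chrome builds and the CVEs each one resolves, as listed in this post and in the Chrome 86.0.4240.111 post above, are exactly the data a patch-compliance check consumes. The Python below is an added example (not Syxsense code) that compares a constructed endpoint inventory against those two fixed versions and reports which CVEs each unpatched host is still exposed to; the hostnames and installed versions are made up.

```python
from typing import Dict, List, Tuple

# Fixed Chrome stable builds and the CVEs each one resolves (from the posts above).
ADVISORIES: Dict[str, List[str]] = {
    "84.0.4147.105": ["CVE-2020-6537", "CVE-2020-6538", "CVE-2020-6532",
                      "CVE-2020-6539", "CVE-2020-6540", "CVE-2020-6541"],
    "86.0.4240.111": ["CVE-2020-16000", "CVE-2020-16001",
                      "CVE-2020-15999", "CVE-2020-16003"],
}

def parse_version(version: str) -> Tuple[int, ...]:
    """Dotted Chrome version -> tuple of ints, so it compares numerically.

    String comparison would rank "9.0" above "86.0"; integer tuples do not.
    Missing trailing components are zero-padded so "86.0" equals "86.0.0.0".
    """
    parts = [int(p) for p in version.strip().split(".")]
    if len(parts) > 4:
        raise ValueError(f"unexpected Chrome version format: {version!r}")
    return tuple(parts + [0] * (4 - len(parts)))

def missing_cves(installed: str) -> List[str]:
    """CVEs an endpoint running `installed` is still exposed to: every CVE
    whose fixing build is newer than the installed one."""
    have = parse_version(installed)
    exposed: List[str] = []
    for fixed, cves in ADVISORIES.items():
        if have < parse_version(fixed):
            exposed.extend(cves)
    return sorted(exposed)

def exposure_report(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Hostname -> unpatched CVEs, omitting fully patched hosts."""
    return {host: cves for host, version in inventory.items()
            if (cves := missing_cves(version))}

# Constructed sample inventory: hostnames and installed versions are made up.
SAMPLE_INVENTORY = {
    "ws-001": "83.0.4103.116",  # behind both advisories
    "ws-002": "84.0.4147.105",  # has the 84 fix, still missing the 86 fix
    "ws-003": "86.0.4240.111",  # fully patched
    "ws-004": "86.0.4240.80",   # Chrome 86, but a build before the zero-day fix
}

if __name__ == "__main__":
    for host, cves in exposure_report(SAMPLE_INVENTORY).items():
        print(f"{host}: exposed to {', '.join(cves)}")
```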

Keep Your Organization Protected

Syxsense allows you to manage and secure vulnerabilities exposed by open ports, disabled firewalls, ineffective user account policies, and security compliance violations from remote workers.

In this unpredictable time, detecting software vulnerabilities isn’t enough. Traditional security scanners only do half the job by identifying and tracking possible vulnerabilities and exposure without eliminating the risk.

Combining security scanning and patch management in a single console, our vulnerability scanning feature not only shows you what’s wrong, but also deploys the solution. Gain visibility into OS and third-party vulnerabilities while increasing cyber resilience through automated patching and security scans. Insights into the OS misconfigurations and compliance violations reduce your attack surface and increase peace of mind.

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.
