Google patches actively attacked zeroday leak in Chrome (CVE-2020-6418)

Google has updated Google Chrome to Google Chrome 80.0.3987.122. In this Chrome update, several zero-day leaks have been fixed in Google Chrome.

One zero-day leak (CVE-2020-6418), which was already actively attacked before the update, was a zero-day leak in Chrome’s V8 Javascript engine. The V8 Javascript engine is involved in running JavaScript in Google Chrome.

google chromeNo information has been released about how many users were vulnerable and details about the attack. Still, Google did assess the CVE-2020-6418 zero-day leak as “High.”

These are leaks that would have allowed an attacker to execute code within the context of the browser. It is then possible, for example, to read or modify data from other websites. Vulnerabilities to escape from the Chrome sandbox were also included.

The security breach alone is not enough to compromise systems. The attack would require a second vulnerability.

The vulnerability was found by Clement Lecigne of Googles Threat Analysis Group. This group is involved with combating government-sponsored and executed attacks against Google and its users.

Thank me! Help other people. Share this information on social media, a forum or website, and contribute to a safer internet for everyone.

Scroll to Top