Google patches actively attacked zeroday leak in Chrome (CVE-2020-6418)

Google has updated Google Chrome to Google Chrome 80.0.3987.122. In this Chrome update, several zero-day leaks have been fixed in Google Chrome.

One zero-day leak (CVE-2020-6418), which was already actively attacked before the update, was a zero-day leak in Chrome’s V8 Javascript engine. The V8 Javascript engine is involved in running JavaScript in Google Chrome.

google chromeNo information has been released about how many users were vulnerable and details about the attack. Still, Google did assess the CVE-2020-6418 zero-day leak as “High.”

These are leaks that would have allowed an attacker to execute code within the context of the browser. It is then possible, for example, to read or modify data from other websites. Vulnerabilities to escape from the Chrome sandbox were also included.

The security breach alone is not enough to compromise systems. The attack would require a second vulnerability.

The vulnerability was found by Clement Lecigne of Googles Threat Analysis Group. This group is involved with combating government-sponsored and executed attacks against Google and its users.


Share this article online!
Sharing is caring! Do you care about a safer world wide web? I think you do! Help other people by sharing this information on social media. You can use the social media network buttons below.

 

 

You might find these articles useful

About The Author

Add Comment