Google patches zero-day vulnerability in Chrome

Posted on Wednesday, February 26 2020 @ 13:14 CET by Thomas De Maesschalck

Google rolled out a new version of Chrome that fixes a security vulnerability that's actively exploited by cybercriminals. To be protected against attacks, you need Chrome version 80.0.3987.122. The security flaw concerns a type confusion bug in V8, the part of Chrome that processes JavaScript code.

A type confusion refers to coding bugs during which an app initializes data execution operations using input of a specific "type" but is tricked into treating the input as a different "type."

The "type confusion" leads to logical errors in the app's memory and can lead to situations where an attacker can run unrestricted malicious code inside an application.

The bug, which is listed as CVE-2020-6418, was disovered by Clement Lecigne, a member of Google's Threat Analysis Group.

Found and analyzed with a lot of help from @5aelo and Sergei. https://t.co/qeBkjsao4o
— clem1 (@_clem1) February 25, 2020

Via: ZD Net

About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.

Loading Comments

Share this story!