Security

Google patches multiple Chrome vulnerabilities, including RCE.

The stable release 84.0.4147.105 of Chrome web browser which is out for Windows and Mac fixes a number of vulnerabilities ranging from low to high severity.

Update for Linux distros is expected to be rolled out in the upcoming days.

If exploited, some of these vulns. could have enabled attackers to execute arbitrary code remotely on the victims’ machines.

A list of vulns., security researchers who reported it, as well as the bug bounty offered to them by Google has been announced on the release updates page.

  • [$10000][1105318] High CVE-2020-6537: Type Confusion in V8.
    Reported by Alphalaab on 2020-07-14
  • [$N/A][1096677] High CVE-2020-6538: Inappropriate implementation in WebView.
    Reported by Yongke Wang(@Rudykewang) and Aryb1n(@aryb1n) of Tencent Security Xuanwu Lab (腾讯安全玄武实验室) on 2020-06-18
  • [$TBD][1104061] High CVE-2020-6532: Use after free in SCTP.
    Reported by Anonymous on 2020-07-09
  • [$N/A][1105635] High CVE-2020-6539: Use after free in CSS.
    Reported by Oriol Brufau on 2020-07-14
  • [$TBD][1105720] High CVE-2020-6540: Heap buffer overflow in Skia. Reported by Zhen Zhou of NSFOCUS Security Team on 2020-07-15
  • [$N/A][1106773] High CVE-2020-6541: Use after free in WebUSB. Reported by Sergei Glazunov of Google Project Zero on 2020-07-17

“We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel,” said Prudhvikumar Bommana, Technical Program Manager at Google.

Google’s internal security teams have also been credited with implementing a number of fixes after having discovered bugs, as the page explains.

“[1109361] Various fixes from internal audits, fuzzing, and other initiatives. Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.”

Users are advised to update their Chrome browsers to version 84.0.4147.105 or above.

Ax Sharma

Ax Sharma is an Indian-origin British security researcher, journalist and TV subject matter expert with a focus on malware analysis and cybercrime investigations. His areas of interest include open source software security, threat intel analysis, and reverse engineering. Frequently featured by leading media outlets like the BBC, Channel 5, Fortune, WIRED, The Register, among others, Ax is an active community member of the OWASP Foundation and the British Association of Journalists (BAJ).

Recent Posts

Sea Turtle Cyber Espionage Campaign Targets Telecommunication and IT Companies in the Netherlands

Telecommunication, media, internet service providers (ISPs), information technology (IT)-service providers, and Kurdish websites in the…

12 months ago

Rogue WordPress plugin: Threat hunters uncover credit card skimming campaign targeting e-commerce sites

Rogue WordPress Plugin Found to Steal Credit Card Information in Magecart Campaign Threat hunters have…

12 months ago

Albanian Parliament and telco ‘One Albania’ suffer cyber attacks

The Assembly of the Republic of Albania and telecom company One Albania have recently fallen…

12 months ago

Carbanak Banking Malware Resurfaces with Updated Tactics in Ransomware Attacks

The banking malware Carbanak has resurfaced with updated tactics, incorporating attack vendors and techniques to…

12 months ago

Theme park giant Parques Reunidos hit by a ransomware cyber attack

One of the world's largest theme park operators, Parques Reunidos has disclosed a cybersecurity incident.…

2 years ago

Phishing kit screenshots your email domain on the fly to appear real

Phishing kit used by multiple hacked sites generates a log in page on the fly…

2 years ago

This website uses cookies.