Saturday, September 7, 2024
HomeChromeGoogle Security Update Fixed Multiple High Severity Vulnerabilities in Chrome - Update...

Google Security Update Fixed Multiple High Severity Vulnerabilities in Chrome – Update Now

Published on

Google released Chrome 80.0.3987.149, a stable channel update for Windows, Mac, and Linux with the fixes for several high severity vulnerabilities.

Google Addressed 13 “high” severity bugs that were reported by various external security researchers.

Due to the COVID-19 outbreak, Google announced to pass the upcoming releases of both Chrome and Chrome OS.

- Advertisement - EHA

” Due to adjusted work schedules at this time, we are pausing upcoming Chrome and Chrome OS releases. Our primary objectives are to ensure they continue to be stable, secure and work reliably for anyone who depends on them.” Google said.

Google fixed several uses after free vulnerabilities in various chrome components such as WebGL, media, audio.

External security researcher David Manouchehri reports a use after free bug in WebGL ( CVE-2020-6422) and the researcher earned $8500 as a part of the Google Bug bounty reward program.

Another Use after Free vulnerability that affects the Media component (CVE-2020-6424) and Insufficient policy enforcement in extensions( CVE-2020-6425 ) vulnerabilities reported by Sergei Glazunov from Google Profect Zero team.

[$NA][1031142] High CVE-2020-6424: Use after free in media. Reported by Sergei Glazunov of Google Project Zero on 2019-12-05 

[$NA][1031670] High CVE-2020-6425: Insufficient policy enforcement in extensions. Reported by Sergei Glazunov of Google Project Zero on 2019-12-06

Man Yue Mo, a researcher from Semmle Security Research Team reported 4 “High” severity vulnerabilities that affected Chrome and all the 4 vulnerabilities were fixed in this update.

[$TBD][1055788] High CVE-2020-6427: Use after free in audio. Reported by Man Yue Mo of Semmle Security Research Team on 2020-02-25 

[$TBD][1057593] High CVE-2020-6428: Use after free in audio. Reported by Man Yue Mo of Semmle Security Research Team on 2020-03-02 

[$TBD][1057627] High CVE-2020-6429: Use after free in audio. Reported by Man Yue Mo of Semmle Security Research Team on 2020-03-02

 [$TBD][1059686] High CVE-2020-6449: Use after free in audio. Reported by Man Yue Mo of Semmle Security Research Team on 2020-03-09 

How to Update

Steps to update for Windows, Mac, and Linux desktop users

  1. Open Chrome browser
  2. Head to Settings
  3. Expand help
  4. About Google Chrome
  5. The browser will process the update

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

BBTok Abuses Legitimate Windows Utility Command Tool to Stay Undetected

Cybercriminals in Latin America have increased their use of phishing scams targeting business transactions...

Predator Spyware Exploiting “one-click” & “zero-click” Flaws

Recent research indicates that the Predator spyware, once thought to be inactive due to...

Tropic Trooper Attacks Government Organizations to Steal Sensitive Data

Tropic Trooper (aka KeyBoy, Pirate Panda, and APT23) is a sophisticated cyberespionage APT group,...

NoiseAttack is a Novel Backdoor That Uses Power Spectral Density For Evasion

NoiseAttack is a new method of secretly attacking deep learning models. It uses triggers...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Chrome Vulnerability Let Attackers Execute Arbitrary Code Remotely

The stable channel for desktops has been updated to version 128.0.6613.119/.120 for Windows and...

Hackers Repeatedly Using Same iOS & Chrome Exploits to Attack Government Websites

Hackers have been exploiting vulnerabilities in iOS and Google Chrome to target government websites,...

Chrome Zero-day Vulnerability Actively Exploited in the Wild

Google has announced the release of Chrome 128 to the stable channel for Windows,...