Google Released a Patch for Chrome Zero-day Vulnerability That Actively Exploited in Wide

Google Chrome issued an emergency patch to fix 3-high security vulnerabilities including a zero-day bug that actively exploited in wild.

All the vulnerabilities are patched with Chrome version 80.0.3987.122 and the update is available for Windows, Mac, and Linux users.

Technical details of the vulnerability were not disclosed and all the versions of the chrome before 80.0.3987.122 are affected.

3-High Security Vulnerabilities

Integer overflow in ICU

The vulnerability allows a remote attacker to trigger an integer overflow of ICU, results in DoS condition and possibly attacker can execute code on the target vulnerable machine.

CVE-2020-6407: Out of bounds memory access

The error in processing the input streams results in Out of bounds memory access vulnerability. The vulnerability allows a remote attacker to read the information from a memory location or possibly cause a crash.

CVE-2020-6418: Type confusion

The type confusion vulnerability that resides in the V8 component of Chrome’s open-source JavaScript and Web Assembly engine.

A remote attacker can exploit the vulnerability, successful exploitation of the vulnerability allows attackers to gain complete control, over the system.

This is the vulnerability exploited by the attackers in the wild. Users are recommended to update with the latest version of Chrome.

Chrome already patched a Zero-day Bug that was exploited in the wild. Threat actors use the Zero-day Bug to launch various attacks such as spear-phishing, malware, backdoors to attack various financial organizations around the world.

Follow us on TwitterLinkedinFacebook for Daily cyber security & hacking news updates.

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

Attackers Exploit Microsoft Entra Billing Roles to Escalate Privileges in Organizational Environments

A startling discovery by BeyondTrust researchers has unveiled a critical vulnerability in Microsoft Entra ID…

22 hours ago

Threat Actors Exploit Google Apps Script to Host Phishing Sites

The Cofense Phishing Defense Center has uncovered a highly strategic phishing campaign that leverages Google…

23 hours ago

Dadsec Hacker Group Uses Tycoon2FA Infrastructure to Steal Office365 Credentials

Cybersecurity researchers from Trustwave’s Threat Intelligence Team have uncovered a large-scale phishing campaign orchestrated by…

23 hours ago

Beware: Weaponized AI Tool Installers Infect Devices with Ransomware

Cisco Talos has uncovered a series of malicious threats masquerading as legitimate AI tool installers,…

24 hours ago

Pure Crypter Uses Multiple Evasion Methods to Bypass Windows 11 24H2 Security Features

Pure Crypter, a well-known malware-as-a-service (MaaS) loader, has been recognized as a crucial tool for…

24 hours ago

Attackers Exploit Microsoft Entra Billing Roles to Escalate Privileges

A recent discovery by security researchers at BeyondTrust has revealed a critical, yet by-design, security…

1 day ago