Threat Watch

Google Patches Chrome Zero-Day Being Actively Exploited

Google has released a Chrome update that patches three different security bugs, including a zero-day vulnerability that has been actively exploited. Google has not made any details of the active exploitation of the zero-day public though. The only detail being released about the zero-day at this time is that it was discovered by a member of Google’s Threat Analysis Group last week on February 18th.  The patch, which is part of Chrome version 80.0.3987.122, is available at this time for Windows, Mac, and Linux, but not Chrome OS, iOS, or Android. Currently, the vulnerability has been designated CVE-2020-6418 and has been designated as a “type confusion in V8.” V8 is Chrome’s JavaScript processing component, and type confusion indicates that during an app’s data execution, it is tricked into using an input of a specific type as a different type. 

Subscribe to Threat Watch

Daily summaries of threats, delivered straight to your inbox!


Click Here to Subscribe to Threat Watch

ANALYST NOTES

Type confusion can lead to logical errors in the app’s memory and can enable an attacker to be able to run malicious code unrestricted. This is the third zero-day patch for Chrome in the past year. Since this zero-day is being exploited in the wild, according to Google it is important to update browsers as soon as possible. More information can be found at https://www.zdnet.com/article/google-patches-chrome-zero-day-under-active-attacks/

Facebook Twitter Instagram Youtube Linkedin
Solutions
Become a Reseller

Industries

Resources

About

Contact Us
Contact Support