Google Patches Chrome Zero-Day Being Actively Exploited - Binary Defense

Threat Watch

Share on facebook
Share on twitter
Share on linkedin

Google Patches Chrome Zero-Day Being Actively Exploited

Google has released a Chrome update that patches three different security bugs, including a zero-day vulnerability that has been actively exploited. Google has not made any details of the active exploitation of the zero-day public though. The only detail being released about the zero-day at this time is that it was discovered by a member of Google’s Threat Analysis Group last week on February 18th.  The patch, which is part of Chrome version 80.0.3987.122, is available at this time for Windows, Mac, and Linux, but not Chrome OS, iOS, or Android. Currently, the vulnerability has been designated CVE-2020-6418 and has been designated as a “type confusion in V8.” V8 is Chrome’s JavaScript processing component, and type confusion indicates that during an app’s data execution, it is tricked into using an input of a specific type as a different type. 

ANALYST NOTES

Type confusion can lead to logical errors in the app’s memory and can enable an attacker to be able to run malicious code unrestricted. This is the third zero-day patch for Chrome in the past year. Since this zero-day is being exploited in the wild, according to Google it is important to update browsers as soon as possible. More information can be found at https://www.zdnet.com/article/google-patches-chrome-zero-day-under-active-attacks/

Contact Support

Please complete the form below and a member of our support team will respond as quickly as possible.