New Threat Research: MalSync Teardown: From DLL Hijacking to PHP Malware for Windows  

Read Threat Research

Search

Google Patches Chrome Zero-Day Being Actively Exploited

Google has released a Chrome update that patches three different security bugs, including a zero-day vulnerability that has been actively exploited. Google has not made any details of the active exploitation of the zero-day public though. The only detail being released about the zero-day at this time is that it was discovered by a member of Google’s Threat Analysis Group last week on February 18th.  The patch, which is part of Chrome version 80.0.3987.122, is available at this time for Windows, Mac, and Linux, but not Chrome OS, iOS, or Android. Currently, the vulnerability has been designated CVE-2020-6418 and has been designated as a “type confusion in V8.” V8 is Chrome’s JavaScript processing component, and type confusion indicates that during an app’s data execution, it is tricked into using an input of a specific type as a different type. 

Analyst Notes

Type confusion can lead to logical errors in the app’s memory and can enable an attacker to be able to run malicious code unrestricted. This is the third zero-day patch for Chrome in the past year. Since this zero-day is being exploited in the wild, according to Google it is important to update browsers as soon as possible. More information can be found at https://www.zdnet.com/article/google-patches-chrome-zero-day-under-active-attacks/