Google yesterday released a new critical software update for its Chrome web browser for desktops that will be rolled out to Windows, Mac, and Linux users over the next few days.
The latest Chrome 80.0.3987.122 includes security fixes for three new vulnerabilities, all of which have been marked ‘HIGH’ in severity, including one (CVE-2020-6418) that has reportedly been exploited in the wild.
Brief descriptions of the Chrome bugs, which pose a significant risk to your systems if left unpatched, are as follows:
- Integer overflow in ICU — Reported by André Bargull on 2020-01-22
- Out of bounds memory access in streams (CVE-2020-6407) — Reported by Sergei Glazunov of Google Project Zero on 2020-01-27
- Type confusion in V8 (CVE-2020-6418) — Reported by Clement Lecigne of Google’s Threat Analysis Group on 2020-02-18
The integer overflow vulnerability was privately disclosed to Google by André Bargull last month, earning him $5,000 in rewards, while the other two vulnerabilities — CVE-2020-6407 and CVE-2020-6418 — were identified by experts from the Google security team.
Google has said CVE-2020-6418, which stems from a type confusion error in its V8 JavaScript rendering…
http://feedproxy.google.com/~r/TheHackersNews/~3/bQvYFWMwops/google-chrome-zero-day.html