Categories: News

Google announces security patches for severe flaws in Chrome

Google released security patches to stomp out severe flaws in Chrome. So, the company announced that patches for all the bugs Google disclosed will be available in the next few days.

No less than eight security bugs were addressed in Chrome browser version 80.0.3987.162 for all the operating systems. But, according to the Center for Internet Security (CIS), the most severe flaws could allow attackers to execute arbitrary code.

“Depending on the privileges associated with the application, an attacker could view, change, or delete data. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights,” CIS announced in an alert.

Until now, as Google is usually doing, the company has not offered many details of the bugs. But they usually do this only after a majority of users are updated with the fix. Still, the giant outlined three of the vulnerabilities. External researchers discovered them.

So, two of the high-severity vulnerabilities discovered are related to the WebAudio component of Chrome (CVE-2020-6450 and CVE-2020-6451). This component helps processing and synthesizing audio in web apps.

Both flaws are memory corruption flaws where the attackers try to access memory after it has been freed. So, this may cause different important problems, from a program crash to the execution of arbitrary code. That’s why analysts call the flaw a use-after-free-flaw.

Attackers could remotely exploit the flaws

It turned out that the attackers could exploit the flaw tied to CVE-2020-6450 remotely, without any authentication. Man Yue Mo, from the Semmle Security Research Team reported the flaws on March 17.

Also, more than one week before, on March 9, a researcher reported another vulnerability in the Media component of Chrome. This component displays video and audio browsers. The vulnerability (CVE-2020-6452) allows a buffer overflow attack. This appears when an area of the physical memory used for temporarily storing data (a buffer) is allocated in the region of the process’s memory used to store variables. The excessive data amounts corrupt the memory around and could alter other data. Thus, it opens the door for malicious attacks.

So, the CIS alert recommended users to “apply the stable channel update immediately”.

It seems that severe flaws in Chrome represent a big problem, lately. Google had to patch a web browser zero-day bug in February 2020.

Laurentiu Titei

Laurentiu, a creative content writer, has been producing articles about technology for more than 10 years. He is interested in all the security and internet news and his mainstream media background helps make them readable for all kinds of users. Moreover, he grows the appropriate social media channels for websites.

Recent Posts

Digital Advertising practices, under the pressure of fines

Its digital advertising practices continue to bring troubles for Google. Two separate cases will go to court in the UK…

2 years ago

Advertising discrimination, addressed by huge companies

WPP, Delta Airlines, Kellogg and Mindshare take the issue of advertising discrimination seriously, in order to combat bias in digital…

2 years ago

Ad fraud might hit $100B, advertising companies worry

Ad fraud has become a very big issue for both users and the advertising agencies. Different forms of it might…

3 years ago

The ad-based business model: Would Facebook change it?

The Facebook lead architect of the ad-based business model leaves the company. Let's see how her move could affect company's…

3 years ago

Here it comes: New Meta privacy policy. Does it matter?

A new Meta privacy policy comes soon for the company's platforms. Users would be notified of the updates about how…

3 years ago

Advertising company: ”Our customers don’t like ads”

As its “customers don't like ads,” Evite, an American online party planner, decided to just close its advertising business, while…

3 years ago