Google disclosed five high-severity vulnerabilities in the Chrome browser in its announcement on Tuesday. Depending on the privileges associated with the application, an attacker can view, change or delete data. According to Google, successfully exploiting the most serious of these vulnerabilities may allow an attacker to execute arbitrary code in the context of the browser.
The following are the details of the vulnerabilities:
Vulnerability details
1. CVE-2020-15960 severity: high
The heap buffer overflow (out-of-bounds read) vulnerability may allow a remote attacker to perform out-of-bounds memory access through a crafted HTML page. Successful exploitation of the vulnerability may enable an attacker to execute arbitrary code in the context of the browser. If the application is configured with fewer user rights on the system, the impact of exploiting the most serious of these vulnerabilities may be less than if it is configured with administrative rights.
2. CVE-2020-15961, CVE-2020-15963 severity: high
Attackers can trick users into installing malicious extensions, making it possible to perform a sandbox escape through a crafted Chrome extension. (A sandbox runs a program in an isolated space; the program running in the sandbox can read but not write, which prevents it from permanently modifying or damaging other programs and data on the computer. A sandbox escape means that malicious code breaks through the sandbox restrictions and damages the computer.)
3. CVE-2020-15962 severity: high
The vulnerability could allow a remote attacker to perform out-of-bounds memory access through a crafted HTML page.
4. CVE-2020-15965 severity: high
An out-of-bounds write vulnerability exists in V8, the open source JavaScript engine used by the Google Chrome and Chromium web browsers. This vulnerability may make it possible for a remote attacker to perform out-of-bounds memory access through a crafted HTML page.
Google said that there are no reports of these vulnerabilities being exploited. Google urges users of vulnerable Chrome versions to apply the security update immediately, and reminds users: “do not visit untrusted websites or follow links provided by unknown or untrusted sources.”
Affected products and versions
Google Chrome versions prior to 85.0.4183.121 are affected.
Solution
Windows, Mac and Linux users should upgrade to Chrome version 85.0.4183.121, which fixes the above vulnerabilities.
For more vulnerability information and upgrades, please visit the official website:
https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop_21.html