Alert! New Chrome 0-Day Hijacking Targeted Computers

October 28, 2020
Google has released an update to the Chrome web browser, version 86.0.4240.111, that addresses five security bugs, including vulnerabilities that are proven to be actively exploited by attackers.
Google patched two other zero-days last year, including CVE-2019-5786 (Chrome 72.0.3626.121) in March and CVE-2019-13720 (Chrome 78.0.3904.8) in November.
The zero-day is tracked as CVE-2020-15999 and is identified as "type V8 uncertainty."
V8 is the part of Chrome that is responsible for processing JavaScript code.
A type confusion is a coding bug in which an app begins processing data as input of a particular "type" but is misled into treating that input as a different "type".
The "type mistake" leads to logical errors in the app's memory and can let an attacker run unauthorized malicious code in the app.
This is a form of memory-corruption bug called a heap buffer overflow in FreeType, a common open-source software development library for rendering fonts that comes bundled with Chrome.
Security researcher Sergei Glazunov of Google Project Zero discovered and announced the vulnerability on 19 October; it was subject to a public release deadline of seven days because the flaw was under active exploitation.
Project Zero leader Ben Hawkes shared the information and a link to the stable patch update on his Twitter account. He says that FreeType's "actively abused" zero-day was used to target Chrome.
He also warned that while the bug was spotted only in Chrome, other users of the FreeType library should check whether or not they were under attack. He shared the link to the bug fix to indicate that the fix is also included in the latest stable release, FreeType 2.10.4.
Four other flaws are also patched, three of them rated high severity and one medium.
While the Chrome web browser automatically updates to the latest available version, users can also start the update process manually from the "Help Google Chrome" menu.
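To check a software inventory against the fixed releases named above (Chrome 86.0.4240.111 and FreeType 2.10.4), the following is an added example, not part of the original article or of any Google or FreeType tooling. The inventory format, the host names and the function names are assumptions made up for illustration.

```python
import re

# Fixed releases as stated in the article.
FIXED = {"chrome": (86, 0, 4240, 111), "freetype": (2, 10, 4)}

# Constructed sample inventory (host,product,version); not real data.
SAMPLE_INVENTORY = """\
ws-01,chrome,86.0.4240.75
ws-02,chrome,86.0.4240.111
ws-03,Chrome,87.0.4280.66
build-01,freetype,2.9.1
build-02,freetype,2.10.4
kiosk-01,freetype,2.10.x
"""

def parse_version(text):
    """'2.10.4' -> (2, 10, 4); raises ValueError on anything non-numeric."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in text.split("."))

def status(product, version):
    """Return 'patched', 'outdated' or 'unknown' for one inventory entry."""
    fixed = FIXED.get(product.strip().lower())
    if fixed is None:
        return "unknown"
    try:
        got = parse_version(version.strip())
    except ValueError:
        return "unknown"
    # Compare numerically, padded to equal length: as strings, "2.9.1"
    # sorts after "2.10.4" and would be wrongly reported as patched.
    width = max(len(got), len(fixed))
    got += (0,) * (width - len(got))
    fixed += (0,) * (width - len(fixed))
    return "patched" if got >= fixed else "outdated"

def audit(inventory):
    """Yield (host, product, version, status) for each non-empty line."""
    for line in inventory.splitlines():
        if line.strip():
            host, product, version = (f.strip() for f in line.split(","))
            yield host, product, version, status(product, version)

if __name__ == "__main__":
    for host, product, version, result in audit(SAMPLE_INVENTORY):
        print(f"{host:10} {product:9} {version:15} {result}")
```

Distribution packages can carry a backported fix under an older upstream version number, so an "outdated" FreeType result is a prompt to check the vendor's advisory rather than a final verdict.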
