SECURITY ALERTS

Vulnerabilities (CVE-2020-6407 & CVE-2020-6418) in Google Chrome Could Allow for Arbitrary Code Execution

DESCRIPTION:

Multiple vulnerabilities have been discovered in Google Chrome. Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code. Details of the vulnerabilities are as follows:

 

CVE-2020-6407: Out of Bounds Memory Access in Streams

CVE-2020-6407 exists due to a boundary error when processing untrusted input in streams. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger an out-of-bounds write, and execute arbitrary code on the target system.

CVE-2020-6418: Type Confusion in V8

The type confusion flaw resides in the V8 component and allows a remote attacker to execute arbitrary code on the target system. Successful exploitation of this vulnerability may result in a complete compromise of a vulnerable system.

 

AFFECTED RELEASES:

Google Chrome versions prior to 80.0.3987.116

 

SOLUTION:

Upgrade to at least Google Chrome 80.0.3987.122 by following these steps:

1. Open the Google Chrome browser.

2. Enter “chrome://settings/help” in the address bar. The window that appears will automatically check for updates and show you the current version of Chrome.

3. After Chrome is updated, click the “RELAUNCH” option to restart Chrome and complete the update.
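
To confirm the upgrade on more than one machine, collected version strings can be compared against the two version numbers given in this alert. The script below is an added example, not part of the original alert; the host names and version strings in INVENTORY are constructed, and the status labels are assumptions. Versions are compared as integer tuples because a plain string comparison would rank 80.0.3987.99 above 80.0.3987.116.

```python
import re

# Thresholds taken from this alert.
AFFECTED_BELOW = (80, 0, 3987, 116)   # AFFECTED RELEASES: prior to 80.0.3987.116
RECOMMENDED_MIN = (80, 0, 3987, 122)  # SOLUTION: at least 80.0.3987.122

# Four dotted numeric fields, not embedded in a longer dotted number.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_chrome_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(version_text):
    """Map a reported version string to a status label (labels are assumptions)."""
    version = parse_chrome_version(version_text)
    if version is None:
        return "unknown"      # no version found: needs a manual check
    if version < AFFECTED_BELOW:
        return "affected"     # listed under AFFECTED RELEASES
    if version < RECOMMENDED_MIN:
        return "update"       # below the version named under SOLUTION
    return "ok"


def audit(inventory):
    """Return {host: status} for every host that is not 'ok'."""
    statuses = ((host, classify(text)) for host, text in inventory)
    return {host: status for host, status in statuses if status != "ok"}


# Constructed sample inventory (host name, reported version string).
INVENTORY = [
    ("ws-001", "Google Chrome 79.0.3945.130"),
    ("ws-002", "Google Chrome 80.0.3987.99"),
    ("ws-003", "Version 80.0.3987.116 (Official Build) (64-bit)"),
    ("ws-004", "Google Chrome 80.0.3987.122"),
    ("ws-005", "chrome not found"),
]

if __name__ == "__main__":
    for host, status in sorted(audit(INVENTORY).items()):
        print(f"{host}: {status}")
```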

 

REFERENCE:

1. https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html

2. https://zh-tw.tenable.com/blog/cve-2020-6418-google-chrome-type-confusion-vulnerability-exploited-in-the-wild

3. https://www.ithome.com.tw/news/136005
