Google Fixes High-Severity Chrome Browser Code Execution Bug

The high-severity flaw, which was patched in the latest version of Google’s Chrome browser, could allow code execution.

The Google Chrome web browser has a high-severity vulnerability that could be used to execute arbitrary code, researchers say. The flaw has been fixed in the Chrome 85 stable channel, set to be rolled out to users this week.

The flaw (CVE-2020-6492) is a use-after-free vulnerability in the WebGL (Web Graphics Library) component of the Chrome browser. This component is a JavaScript API that lets users render 2D and 3D graphics within their browser. This specific flaw stems from the WebGL component failing to properly handle objects in memory.

“An adversary could manipulate the memory layout of the browser in a way that they could gain control of the use-after-free exploit, which could ultimately lead to arbitrary code execution,” according to Jon Munshaw with Cisco Talos in a Monday analysis.

The flaw ranks 8.3 out of 10 on the CVSS scale, making it a high-severity vulnerability. Researchers said this vulnerability specifically exists in ANGLE, a compatibility layer between OpenGL and Direct3D used on Windows by the Chrome browser and other projects.

According to the proof-of-concept (PoC) attack outlined by researchers, the issue exists in a function of ANGLE called “State::syncTextures.” This function is responsible for checking whether a texture has any “DirtyBits.” These are “bitsets” indicating whether a specific state value, associated with a block of computer memory, has been changed.
