Google Fixes High-Severity Chrome Browser Code Execution Bug

Google Fixes High-Severity Chrome Browser Code Execution Bug: The high-severity flaw, which was patched in the latest version of Google's Chrome browser, could allow code execution.

The high-severity flaw, which was patched in the latest version of Google’s Chrome browser, could allow code execution.

The Google Chrome web browser has a high-severity vulnerability that could be used to execute arbitrary code, researchers say. The flaw has been fixed in the Chrome 85 stable channel, set to be rolled out to users this week.

The flaw (CVE-2020-6492) is a use-after-free vulnerability in the WebGL (Web Graphics Library) component of Chrome browser. This component is a Javascript API that lets users render 2D and 3D graphics within their browser. This specific flaw stems from the WebGL component failing to properly handle objects in memory.

“An adversary could manipulate the memory layout of the browser in a way that they could gain control of the use-after-free exploit, which could ultimately lead to arbitrary code execution,” according to Jon Munshaw with Cisco Talos in a Monday analysis.

The flaw ranks 8.3 out of 10 on the CVSS scale, making it a high-severity vulnerability. Researchers said this vulnerability specifically exists in ANGLE, a compatibility layer between OpenGL and Direct3D used on Windows by Chrome browser and other project.

According to the proof-of-concept (PoC) attack outlined by researchers, the issue exists in a function of ANGLE, called “State::syncTextures.” This function is responsible for checking if texture has any “DirtyBits.” These are “bitsets” indicating if a specific state value, associated with a block of computer memory, has been changed.

vulnerabilities web security chrome chrome 85.0.4149.0 security

Google is rolling out 35 security fixes, and a new password feature, in Chrome 86 versions for Windows, Mac, Android and iOS users. Google's Chrome 86: Critical Payments Bug, Password Checker Among Security Notables ... Google is rolling out 35 security fixes, and a new password feature, in Chrome 86 versions for Windows, Mac, Android and iOS ...

Top Web & Mobile Application Development Company in India & USA. We specialize in Golang, Ruby on Rails, Symfony, Laravel PHP, Python, Angular, Mobile Apps, Blockchain, & Chatbots

Google's new release of Chrome 85.0.4183.121 for Windows, Mac, and Linux fixes 10 security flaws.

At [email protected], Luta Security CEO Katie Moussouris stressed that bug bounty programs aren't a 'silver bullet' for security teams.

Google said Chrome 86 will automatically block malicious notifications that may be used for phishing or malware.