The Google Chrome development team has now launched the Chrome stable channel update for desktop, v80.0.3987.122. This version is an emergency update, mainly to fix a known zero-day vulnerability.
The development team stated in a blog that this vulnerability (CVE-2020-6418) is located in the Google Chrome V8 engine and “Google is aware of reports that an exploit for CVE-2020-6418 exists in the wild.”
For security reasons, Google has not disclosed the details of this vulnerability and will not announce them until most users have upgraded to the new version.
Although the details have not been made public, some researchers have analyzed the vulnerability. According to the current analysis results, the vulnerability mainly causes memory corruption.
When processing the data, the V8 engine first determines the data type and then performs targeted processing, but some researchers have found that the V8 engine may sometimes incorrectly identify the type.
When an attacker produces targeted data and obfuscates it, they can fool the V8 engine. The engine crashes when it encounters a memory logic error while processing the related data.
At this point, the attacker can execute arbitrary code and threaten the security of the user. Google has evaluated this vulnerability as high-risk.
Google has begun pushing the fixed version to users. Users who have not yet upgraded should immediately check for updates and upgrade to the new version.
The post Google Chrome v80.0.3987.122 fixes 3 security fixes, CVE-2020-6418 exists in the wild appeared first on InfoTech News.