Shulou(Shulou.com)05/31 Report--

Google in the active attack to repair Chrome 0-day loopholes under the example analysis, many novices are not very clear about this, in order to help you solve this problem, the following editor will explain for you in detail, people with this need can come to learn, I hope you can gain something.

Google released a Chrome update on the 25th to fix three security vulnerabilities, including a 0-day vulnerability that is being actively exploited.

Details of these attacks and how the vulnerability was used to attack Chrome users have not been made public.

The attacks were discovered by Clement Lecigne, a member of Google's threat analysis team, on February 18. The Google threat Analysis Group is the Google unit that investigates and tracks groups of threat actors.

The 0-day vulnerability is fixed in Chrome version 80.0.3987.122. Updates are available for both Windows,Mac and Linux users, but patches are not available for ChromeOS,iOS and Android users.

The 0-day vulnerability is numbered CVE-2020-6418 and is described with only one sentence "type confusion in V8".

V8 is a component of Chrome and is responsible for processing JavaScript code.

Type obfuscation refers to a coding vulnerability that occurs when an application performs an operation with input initialization data of a particular "type" but is tricked into treating that input as a different "type".

"Type obfuscation" results in logic errors in the application's memory, which can be exploited by an attacker to run unrestricted malicious code in the application.

This is the third Chrome 0-day vulnerability that has been actively exploited in the past year.

Google fixed the first Chrome 0-day vulnerability last March (CVE-2019-5786 in Chrome 72.0.3626.121), followed by the second Chrome 0-day vulnerability in November (CVE-2019-13720 in Chrome 78.0.3904.8).

Chrome version 80.0.3987.122 also provides two other security updates, but these two vulnerabilities have not been exploited. It is recommended that users update Chrome as soon as possible.

Is it helpful for you to read the above content? If you want to know more about the relevant knowledge or read more related articles, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.