Chrome patches zero-day exploited in the wild (CVE-2020-6418)

Google has released a security update for Chrome (80.0.3987.122) for Windows, Mac and Linux. The update also patches a zero-day vulnerability exploited in the wild.

An attacker could exploit these vulnerabilities to take control of impacted systems.

Google confirmed that one high-severity “type confusion in V8” vulnerability, CVE-2020-6418, has known exploits in the wild. The company also said certain bug details will remain restricted until most updates are deployed.

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed,” Google stated in the update.

The Chrome security update also addresses two other High severity vulnerabilities contributed by external security researchers:

  • Integer overflow in ICU (no CVE provided)
  • CVE-2020-6407: Out of bounds memory access in streams

Google also released Chrome 80 (80.0.3987.119) for Android on February 24.