If you are an active user of the Chrome browser, Google wants you to stop what you are doing and update it right away!
Google has updated its Chrome browser for Linux, Mac and Windows in hopes of mitigating some serious security vulnerabilities. It has been reported that malicious code for attacking Chrome has already been made public, so we have to patch our browsers to safeguard ourselves before they can be exploited.
Chrome version 80.0.3987.122 addresses three flaws identified by various researchers. However, this update is not yet available for Chrome on Android and iOS. If you’re a Chrome user on Windows, Mac or Linux, you will need to update to the latest version. You can check whether your Chrome is up to date by opening Settings > About Chrome and confirming that the version number is 80.0.3987.122. According to a release note published on Monday by Krishna Govind, a test engineer at Google, each of these flaws is rated according to its severity.
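For anyone checking more than one machine, the version check above can be scripted. The following is an added example, not part of the original article: it compares reported version strings against the fixed build 80.0.3987.122 numerically, part by part. The host names and the sample inventory are constructed for illustration.

```python
import re

# Fixed build named in the article for Windows, Mac and Linux.
FIXED = (80, 0, 3987, 122)

# Chrome versions have four dotted numeric parts: MAJOR.MINOR.BUILD.PATCH
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    m = _VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def status(text, fixed=FIXED):
    """Classify a reported version string as 'patched', 'outdated' or 'unknown'."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # no parsable version: needs a manual look
    # Tuples of ints compare part by part, so 3987.99 < 3987.122.
    # A plain string comparison would get that case wrong.
    return "patched" if version >= fixed else "outdated"


def audit(inventory, fixed=FIXED):
    """Return per-host status plus the hosts that are not confirmed patched."""
    results = {host: status(text, fixed) for host, text in inventory.items()}
    needs_action = sorted(h for h, s in results.items() if s != "patched")
    return results, needs_action


# Constructed sample inventory (host names and versions are made up).
SAMPLE = {
    "ws-01": "Google Chrome 80.0.3987.122",
    "ws-02": "Google Chrome 80.0.3987.99",
    "ws-03": "Version 79.0.3945.130 (Official Build) (64-bit)",
    "ws-04": "Google Chrome 81.0.4044.26 beta",
    "ws-05": "not installed",
}

if __name__ == "__main__":
    results, needs_action = audit(SAMPLE)
    for host in sorted(results):
        print(f"{host}: {results[host]}")
    print("needs action:", ", ".join(needs_action))
```

Hosts whose version cannot be parsed are reported as needing action rather than silently treated as patched.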
The first bug earned André Bargull, who reported it, a $5,000 bounty from Google. It was an integer-overflow bug in International Components for Unicode (ICU), a set of libraries for C/C++ and Java that handle Unicode and globalization support. No CVE has been issued.
As reported by Sergei Glazunov of Google’s Project Zero team, the second flaw was an out-of-bounds memory access in the streams component of the Chromium browser. It’s designated CVE-2020-6407.
István Kurucsai and Vignesh Rao, researchers from Exodus Intelligence, found this public source-code tweak at the time and studied it to find out whether it is still practical to identify security fixes among code changes in the Chromium source tree and therefore exploit them before the patch is officially rolled out.
After spotting the fix buried in the source tree, Kurucsai and Rao developed proof-of-concept exploit code for CVE-2020-6418 before Google rolled out an official patch. Those who are slow to patch now could be targeted by white and black hat hackers alike using the duo’s exploit code.
According to Govind, Google is very much aware of reports that an exploit for CVE-2020-6418 exists in the wild. However, as of right now, discussions related to this exploit are being kept private.
Google Chrome’s Constant Tussle With Security Flaws
As of now, Google’s Chrome browser is easily beating all other browsers when it comes to market share. Chrome enjoys a whopping two-thirds majority of the worldwide Web browser market. As the most popular browser, Chrome is constantly a target for hackers, which has resulted in serious security threats at regular intervals.
From buggy updates that cost users a lot of time and money to more than 500 harmful extensions sitting in the Chrome Web Store ready to be downloaded, Google’s Chrome browser has been treading on thin ice when it comes to avoiding a major security attack.
Google has always tried to patch reported security flaws as soon as it gets wind of them. However, it certainly seems to be becoming an uphill battle, with new and unique security flaws discovered almost every month or so. As a tech behemoth whose products and services are relied on by millions of users every single day, Google needs to speed up its security processes to provide smooth and uninterrupted functioning to its users.