Operation and MaintenanceSafetyAnalysis of examples of Google fixing Chrome 0-day vulnerabilities under active attacksAnalysis of examples of Google fixing Chrome 0-day vulnerabilities under active attacks
In the Chrome update on the 25th, Google fixed three security vulnerabilities, including a 0-day vulnerability that was being actively exploited.
Details about these attacks and how the vulnerability was exploited against Chrome users have not been made public.
The attacks were discovered on February 18 by Clement Lecigne, a member of Google’s threat analysis team. Google's Threat Analysis Group is the team responsible for investigating and tracking malicious activity.
The 0-day vulnerability has been fixed in Chrome version 80.0.3987.122. There are updates available for Windows, Mac and Linux users, but there is no patch available for ChromeOS, iOS and Android users.
The 0-day vulnerability number is CVE-2020-6418, and the vulnerability description is only "Type confusion in V8".
V8 is a component of Chrome that handles JavaScript code.
Type confusion refers to a coding vulnerability that occurs when an application uses input initialization data of a specific "type" to perform an operation, but is deceived into treating the input as a different "type".
A logical error in application memory due to "type confusion" could allow an attacker to run unrestricted malicious code in the application.
This is the third Chrome 0-day vulnerability to be actively exploited in the past year.
Google fixed the first Chrome 0-day vulnerability (CVE-2019-5786 in Chrome 72.0.3626.121) in March last year, followed by the second Chrome 0-day vulnerability (Chrome 72.0.3626.121) in November CVE-2019-13720 in 78.0.3904.8).
Although Chrome version 80.0.3987.122 provides two additional security updates, these two vulnerabilities have not yet been exploited. Users are advised to update Chrome as soon as possible.
The above is the detailed content of Analysis of examples of Google fixing Chrome 0-day vulnerabilities under active attacks. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
SublimeText3 Chinese version
Chinese version, very easy to use
SAP NetWeaver Server Adapter for Eclipse
Integrate Eclipse with SAP NetWeaver application server.
SublimeText3 English version
Recommended: Win version, supports code prompts!
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
SecLists
SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.
