Google Fixed Multiple High Severity Chrome Bugs That Allow Hackers To Execute Arbitrary Code Remotely

Yesterday, the tech giant Google announced a stable channel update for the desktop of its popular Chrome web browser for Windows, Mac, and Linux, fixing eight vulnerabilities in the method. These repaired bugs involved at least three high-level bugs, flaws in WebAudio, and a top buffer overflow in media. 

Thus, the two WebAudio points were detected by Man Yue Mo of the Semmle Security Research Team, while the third bug was published by a researcher who goes by the alias asinine. The newest version of Chrome for the various OS platforms will roll out over the coming days and weeks. 

Depending on the opportunities connected with the application, an attacker could see, modify, or delete data. If this application has configured to have fewer user rights on the system, exploitation of the various severe of these vulnerabilities could have a limited impact than if it was configured with official rights.

Chrome has 64% of market share and it is the currently most popular browser accounting for more than half of the web traffic.

Systems Affected

Google Chrome versions before 80.0.3987.162. Update your browser and ensure the currently patched version is updated.

To update Chrome navigate to More >> Help >> Update Chrome.

Technical Overview

Various vulnerabilities have been identified in Google Chrome, and the most severe one simply enables arbitrary code execution. These vulnerabilities can be utilized if a user visits or redirected to a particularly crafted web page. There are details of the vulnerabilities, and here they are that we have mentioned below:-

  • Head-based buffer overflow in the Media component. (CVE-2020-6452)
  • The use-after-free vulnerability in the WebAudio component. (CVE-2020-6451)
  • The use-after-free vulnerability in the WebAudio component. (CVE-2020-6450)

Recommendations

Now, in this para, we will simply present you some essential steps that are really important and should be maintained:-

  • Perform the well-built channel update given by Google after appropriate testing.
  • Run all the software and tools without administrative privileges simply to reduce the consequences of a strong attack.
  • Notify users not to visit un-trusted websites or support links given by unknown sources.
  • Guide users about the threats professed by hypertext links included in emails or attachments from untrusted sources.
  • Use the principle of least privilege to all systems and services.

Hence, the profitable exploitation of the various severe of these vulnerabilities could enable an attacker to execute arbitrary code in the setting of the browser. Relying on the privileges linked with the application, an attacker could observe, change, or remove data.

Thus, if this application has configured to have fewer user rights on the system, exploitation of the various severe of these vulnerabilities could have a fewer influence than if it has set with legislative powers.

So, what do you think about this? Simply share all your views and thoughts in the comment section below.

Also Read: Chrome 80 Released for Windows, Mac, and Linux – Google Patched 56 Security Vulnerabilities

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Leave a Reply