Chrome’s zero-day bug details still scanty

by Don Sharpe

If you are a Chrome user on Windows 10, you may have to wait a little longer before you can learn more about the zero-day bug that recently hit the browser. You can update to the latest Chrome version to protect yourself for now, though.

Google has not shared details about the security vulnerability yet

On February 24, Google released Chrome update 80.0.3987.122 and urged users to install it to guard their browsers against multiple bugs. About two days after the fix became available on the stable channel, the company has neither shared a proof of concept nor provided a comprehensive explanation of the problem.

Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

A type confusion glitch in V8

A member of Google’s Threat Analysis Group reported the CVE-2020-6418 vulnerability to the company earlier this month. The fault is a type confusion in the open-source JavaScript engine, V8.

You may want to update to the latest version of Chrome as soon as possible, considering that Google designated the threat level as high. The search engine giant has even acknowledged that an exploit for the bug may exist in the wild.

That means a lot of bad actors may be actively trying to exploit the flaw right now. Little wonder Google is keeping details of the threat close to its chest until all Chrome users have secured their browsers.

CVE-2020-6407 and an integer overflow in ICU complete the trio of bugs that Google is fixing with the latest Chrome update. These are severe browser vulnerabilities too.

What might happen if you don’t update

Chances of successful exploitation of any of the reported vulnerabilities are very high in older versions of Chrome. So an attacker could run arbitrary code within the context of your browser and perform unauthorized actions if you do not update.

In one such exploit, your browser could redirect you to a page specially crafted to steal sensitive information. A denial of service attack would not be a far-fetched idea in this context, either.
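If you look after more than one machine, the check below sorts hosts by whether their Chrome build is at or above the fixed 80.0.3987.122 release. It is an added example, not code from Google or from this article; the CSV layout, the hostnames and the sample versions are constructed assumptions. It compares version parts as numbers, because a plain string comparison would rank 80.0.3987.99 above 80.0.3987.122.

```python
import csv
import io
import re

# Fixed stable build named in the article.
FIXED_BUILD = (80, 0, 3987, 122)
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = """\
host,chrome_version
ws-001,80.0.3987.122
ws-002,80.0.3987.99
ws-003,79.0.3945.130
ws-004,80.0.3987.132
ws-005,unknown
"""


def parse_version(text):
    """Return a 4-tuple of ints for a Chrome version string, or None if malformed."""
    match = _VERSION_RE.match(text.strip())
    return tuple(int(part) for part in match.groups()) if match else None


def triage(inventory_csv, fixed=FIXED_BUILD):
    """Group hosts as patched, needs_update or unknown using numeric comparison."""
    result = {"patched": [], "needs_update": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        version = parse_version(row.get("chrome_version") or "")
        if version is None:
            # Missing or malformed versions are reported, never assumed patched.
            result["unknown"].append(row["host"])
        elif version >= fixed:
            result["patched"].append(row["host"])
        else:
            result["needs_update"].append(row["host"])
    return result


if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```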

Besides the latest security patches, Google Chrome 80 supports the ability to deep-link web pages.