Google has fixed a high-severity flaw in the latest version of the Chrome browser that could lead to code execution.
The Google Chrome web browser had a use-after-free vulnerability in its "WebGL" component that could allow an attacker to execute arbitrary code in the context of the browser process.
A hacker could manipulate the browser's memory layout to gain control of the use-after-free condition, which could ultimately lead to arbitrary code execution.
According to Jon Munshaw
from Cisco Talos, the security researchers worked with Google to ensure that
these issues are resolved and that an update is available for affected
customers.
"This vulnerability specifically exists in ANGLE, a compatibility layer between OpenGL and Direct3D that Chrome uses on Windows systems," Munshaw said in a statement on Monday.
With proper memory layout
manipulation, an attacker can gain full control of this use-after-free
vulnerability which could ultimately lead to arbitrary code execution in the
context of the browser.
Another bug was found in
Google's Chromium-based browsers in early August that could allow hackers to
bypass the Content Security Policy (CSP) on websites, in order to steal data
and execute rogue code.
Hackers could also exploit
an unpatched flaw in Google Drive to distribute malicious files disguised as
legitimate files on systems worldwide.
The Hacker News reported that Google is aware of the latest security issue that is found in the "manage versions" functionality in Google Drive.
The functionality allows
users to upload and manage different versions of a file.