Mystery zero-day in Chrome – update now! – Naked Security


Google has issued an update for its widespread Chrome browser to fix three security holes.

Unfortunately, one of those holes is what’s known as a zero-day: a bug that was already being exploited by cybercrooks before Google tracked it down and fixed it.

Sadly, that’s about all we know about the issue so far.

Google, which is often vociferous about bugs and how they work, especially those found by its own Project Zero and Threat Analysis teams, is playing its cards close to its chest in this case.

As the company’s update notification says:

Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

We’re guessing that Google is worried that giving away too much at this stage might encourage additional attackers – ones who haven’t figured this bug out yet – to try to get in on the act.

That’s because bug descriptions alone, even without source code, can give crooks a hint where to look.

If those crooks know other Bad Guys have already figured out how to exploit it, then they know that there’s more than just a theoretical chance of abusing the bug if they happen to rediscover it themselves.

All we can tell you is what Google has already said, namely:

CVE-2020-6418: Type confusion in V8. Reported by Clement Lecigne of Google’s Threat Analysis Group on 2020-02-18

Google is aware of reports that an exploit for CVE-2020-6418 exists in the wild.
