Google just released a major update for Chrome, within the version 80.0.3987.122 of the browser app for Windows, Mac, and Linux operating systems, but not also Chrome OS, iOS, and Android. With this update Google goes to close three dangerous "zero-day" flaws, one of which is currently being used by hackers to carry out attacks.
The vulnerability in question was classified as CVE-2020-6418 and it's about Chrome's JavaScript engine, the so-called V8 component. The flaw is a "type confusion" error: a code bug where an app initiates data execution operations using input of a specific "type", but is induced to treat the input as a "type" " different. This error causes the browser-managed memory to generate errors and can lead to situations where a hacker, who knows the flaw and knows how to exploit it, is able to execute malicious code within the program without anyone being able to stop it.
Attack in progress
The danger of the CVE-2020-6418 vulnerability it would seem very high, also due to the fact that Google itself admits that attacks are underway that exploit it. However, we have no details on who, how, where and how much CVE-2020-6418 is exploiting because Google has secreted the information. On the page of the Chromium Project site relating to this vulnerability, in fact, you can only read one thing: “Permission denied“, permission denied. More information about this vulnerability will likely be released in the future after users have had time to apply patches contained in the update included in the Chrome version 80.0.3987.122.
Third case in a year
La CVE-2020-6418 vulnerability represents the third case of a Chrome "zero-day" bug that has been exploited by hackers in the past year. Google previously patched the Chrome's first zero-day in March of last year (CVE-2019-5786 in Chrome 72.0.3626.121), and then a second in November (CVE-2019-13720 in Chrome 78.0.3904.8). A zero-day vulnerability it consists of a problem in the code of an app that was not detected at the time of writing the code and that is only discovered later. Therefore, all outdated apps contain the vulnerability and, consequently, it is always better not to disclose much information about it before most users have updated the application and "closed" the flaw.
Chrome, security flaw discovered, update your browser immediately
