• Home
  • Apps
  • Apps News
  • Chrome Gets Patch for a Zero Day Flaw That’s Being Exploited in the Wild

Chrome Gets Patch for a Zero-Day Flaw That’s Being Exploited in the Wild

The Chrome zero-day vulnerability is tracked under CVE-2020-6418 and is described as a "type confusion in V8".

Share on Facebook Tweet Snapchat Share Reddit Comment
Chrome Gets Patch for a Zero-Day Flaw That’s Being Exploited in the Wild

Google Chrome has received three zero-day fixes in the past year

  • Google Chrome version 80.0.3987.122 carries the patch
  • The latest Chrome update also fixes two other highly severe issues
  • Google Chrome update is available for Windows, Mac, and Linux users

Google has patched a zero-day vulnerability in Chrome that is being exploited in the wild. The new patch is a part of the latest Chrome update that carries version 80.0.3987.122 for Windows, Mac, and Linux users, the search giant revealed through a blog post. The update is the third in the series of zero-day fixes that Google has brought in the past year. The first zero-day vulnerability was discovered and patched in March last year. It was a part of the Chrome version 72.0.3626.121.

Antti Tikkanen of Google's Threat Analyst Group posted a tweet on Tuesday to announce the patching of the zero-day vulnerability that is tracked under CVE-2020-6418. The Chrome team also separately mentioned in the blog post that the vulnerability was reported by Clement Lecigne of Google's Threat Analysis Group on February 18.

Google is aware of reports that an exploit for CVE-2020-6418 exists in the wild,” the company wrote in the blog post.

It is unclear whether any malicious parties leveraged the security loophole to affect Chrome users. However, the vulnerability has been described as a “type confusion in V8.”

As noted by Catalin Cimpanu of ZDNet, V8 is a component in Google Chrome that is responsible for processing JavaScript code. A community-developed list on the Common Weakness Enumeration (CWE) website states that a “type confusion” refers to the program that allocates or initialises a resource using one type, but it is later tricked to access that resource using a type that is not matching with the original type. Moreover, a bug of type confusion nature could allow attackers to execute unrestricted malicious code within an app.

The Chrome version 80.0.3987.122 that includes the fix for the newly discovered zero-day flaw is available for download for Windows, Mac, and Linux users. The update also contains fixes for two other vulnerabilities that had “high” severity.

In March last year, Google patched the zero-day flaw listed as CVE-2019-5786 that was also reported by Clement Lecigne of the Threat Analysis Group. The second zero-day vulnerability that the search giant fixed in the last one year was tracked by an identifier of CVE-2019-13720 that was patched in November.


For the biggest CES 2021 stories and latest updates, visit our CES hub.

Further reading: Google Chrome, Chrome, Google, zero day
Jagmeet Singh Jagmeet Singh writes about consumer technology for Gadgets 360, out of New Delhi. Jagmeet is a senior reporter for Gadgets 360, and has frequently written about apps, computer security, Internet services, and telecom developments. Jagmeet is available on Twitter at @JagmeetS13 or Email at jagmeets@ndtv.com. Please send in your leads and tips. More
Amazon Opens Its First Cashier-Less Grocery Store in the US
India to Launch Geo Imaging Satellite GISAT-1 on March 5

Related Stories




© Copyright Red Pixels Ventures Limited 2021. All rights reserved.
Listen to the latest songs, only on JioSaavn.com