Chrome, Firefox updates fix severe security bugs


Successful exploitation of some of these flaws could allow attackers to take control of vulnerable systems



Google and Mozilla are each urging users to patch serious vulnerabilities in their respective web browsers, Chrome and Firefox, that could be exploited to allow threat actors to take over users’ systems. The security fixes will be rolled out to Windows, Mac, and Linux over the next few days. Importantly, none of the flaws has been observed being abused in the wild.


Chrome


The new stable release of Chrome, 87.0.4280.141, brings 16 security fixes. While the tech giant won’t disclose details for all of them until the majority of its userbase has received the updates, it did highlight patches for 13 vulnerabilities that were reported by external researchers.


Twelve flaws were classified as high-risk, while one was determined to be medium in severity. Most of the high-severity flaws are use-after-free bugs, i.e. memory corruption flaws, residing in various Chromium components. An attacker could exploit them to achieve remote code execution in the context of the browser if a user visited or was redirected to a specially crafted web page, noted the Center for Internet Security.


Google paid more than US$110,000 to the security researchers for discovering and reporting the vulnerabilities.


The Cybersecurity and Infrastructure Security Agency (CISA) issued a security advisory urging users and system administrators to update the browser: “Google has released Chrome version 87.0.4280.141 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit t ..
