• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
experts detail new rce vulnerability affecting google chrome dev channel

Experts Detail New RCE Vulnerability Affecting Google Chrome Dev Channel

You are here: Home / General Cyber Security News / Experts Detail New RCE Vulnerability Affecting Google Chrome Dev Channel
May 27, 2022

Information have emerged about a lately patched critical distant code execution vulnerability in the V8 JavaScript and WebAssembly motor utilized in Google Chrome and Chromium-centered browsers.

The issue relates to a scenario of use-right after-absolutely free in the instruction optimization element, effective exploitation of which could “enable an attacker to execute arbitrary code in the context of the browser.”

The flaw, which was identified in the Dev channel version of Chrome 101, was claimed to Google by Weibo Wang, a security researcher at Singapore cybersecurity enterprise Numen Cyber Technology and has considering the fact that been quietly fixed by the enterprise.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


CyberSecurity

“This vulnerability happens in the instruction range stage, where the improper instruction has been selected and resulting in memory accessibility exception,” Wang explained.

Use-after-absolutely free flaws manifest when past-freed memory is accessed, inducing undefined habits and triggering a program to crash, use corrupted knowledge, or even realize execution of arbitrary code.

What is extra regarding is that the flaw can be exploited remotely via a specially made internet site to bypass security limits and run arbitrary code to compromise the targeted programs.

chrome zero-day vulnerability

“This vulnerability can be further exploited using heap spraying strategies, and then potential customers to ‘type confusion’ vulnerability,” Wang defined. “The vulnerability permits an attacker to regulate the operate tips or compose code into arbitrary spots in memory, and ultimately direct to code execution.”

The corporation has not yet disclosed the vulnerability through the Chromium bug tracker portal to give as quite a few people as possible to put in the patched edition very first. Also, Google does not assign CVE IDs for vulnerabilities observed in non-steady Chrome channels.

CyberSecurity

Chrome people, primarily developers who use the Dev version of Chrome for testing to make certain that their apps are suitable with the newest Chrome options and API improvements, should really update to the hottest obtainable variation of the software package.

chrome zero-day vulnerabilityTurboFan assembly directions immediately after vulnerability patched

This is not the to start with time use-immediately after-absolutely free vulnerabilities have been found out in V8. Google in 2021 dealt with seven this sort of bugs in Chrome that have been exploited in authentic-entire world attacks. This 12 months, it also preset an actively exploited use-following-free of charge vulnerability in the Animation component.

Uncovered this post appealing? Adhere to THN on Fb, Twitter  and LinkedIn to browse extra distinctive material we write-up.


Some parts of this post are sourced from:
thehackernews.com

Previous Post: «nearly 100,000 npm users' credentials stolen in github oauth breach Nearly 100,000 NPM Users’ Credentials Stolen in GitHub OAuth Breach
Next Post: Twitter to Pay $150m Fine to Resolve Data Privacy Violations Cyber Security News»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • New Variant of Banking Trojan BBTok Targets Over 40 Latin American Banks
  • How to Interpret the 2023 MITRE ATT&CK Evaluation Results
  • Iranian Nation-State Actor OilRig Targets Israeli Organizations
  • High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server
  • Apple Rushes to Patch 3 New Zero-Day Flaws: iOS, macOS, Safari, and More Vulnerable
  • Mysterious ‘Sandman’ Threat Actor Targets Telecom Providers Across Three Continents
  • Researchers Raise Red Flag on P2PInfect Malware with 600x Activity Surge
  • The Rise of the Malicious App
  • China Accuses U.S. of Decade-Long Cyber Espionage Campaign Against Huawei Servers
  • Cyber Group ‘Gold Melody’ Selling Compromised Access to Ransomware Attackers

Copyright © TheCyberSecurity.News, All Rights Reserved.