CVE-2020-6418: Google Chrome Type Confusion Vulnerability Exploited in the Wild
Google is aware of reports that a type confusion flaw in Google Chrome has been exploited in the wild.
On February 24, Google released a new stable channel update for Google Chrome for Desktop to address several vulnerabilities, including one that has been reportedly exploited in the wild.
Google says it’s “aware of reports that an exploit” for this flaw “exists in the wild,” implying this may have been exploited as a zero-day.
Detailed information about the vulnerability is restricted at this time. Further information about this vulnerability may become available in the future, after users have had time to apply patches. We will update this blog post if and when this information becomes available.
Proof of concept
While this vulnerability has been exploited in the wild, at the time this blog post was published, there was no public proof-of-concept available.
Google released Chrome version 80.0.3987.122 for Windows, Mac and Linux to address CVE-2020-6418. Google also patched two additional vulnerabilities in this release, including CVE-2020-6407, an out-of-bounds memory access vulnerability and an integer overflow vulnerability that does not have an associated CVE identifier.
Identifizieren betroffener Systeme
A list of Tenable plugins to identify these vulnerabilities will appear here as they’re released.
Verfolgen Sie die Beiträge des Security Response Team von Tenable in der Tenable Community.
Erfahren Sie mehr über Tenable, die erste Cyber Exposure-Plattform für die ganzheitliche Verwaltung Ihrer modernen Angriffsoberfläche.
Testen Sie Tenable.io Vulnerability Management 30 Tage kostenlos.
Sind Sie durch die neuesten Exploits gefährdet?
Geben Sie Ihre E-Mail-Adresse ein, um die neuesten Warnmeldungen zu Cyberrisiken in Ihrem Posteingang zu erhalten.