Google Chrome Bugs Open Browsers to Attack | Threatpost

Google has stomped out several serious code-execution flaws in its Chrome browser. To exploit the flaw, an attacker would merely need to convince a target to visit a specially crafted webpage via phishing or other social-engineering lures.

Overall, Google’s release of Chrome 85.0.4183.121 for Windows, Mac and Linux – which will roll out over the coming days – fixed 10 vulnerabilities. The successful exploitation of the most severe of these could allow an attacker to execute arbitrary code in the context of the browser, according to Google. Google Chrome versions prior to 85.0.4183.121 are affected.

“Depending on the privileges associated with the application, an attacker could view, change or delete data,” according to Google’s Tuesday security advisory. “If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.”

Google disclosed five high-severity flaws in its Tuesday advisory, although technical details remain scant as this information is usually “kept restricted until a majority of users are updated with a fix,” according to its advisory.

However, Google did say that “these vulnerabilities can be exploited if a user visits, or is redirected to, a specially crafted web page.”

The high-severity flaws include an out-of-bounds read error in storage in Google Chrome (CVE-2020-15960). This heap buffer-overflow flaw could allow a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

Also fixed were three flaws relating to insufficient policy enforcement. These include two bugs stemming from extensions in Google Chrome  (CVE-2020-15961, CVE-2020-15963), which could allow an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.

The third sufficient policy-validation (CVE-2020-15962) issue exists in Chrome’s serial function, and could allow a remote attacker to potentially perform out-of-bounds memory access via a crafted HTML page.

Finally, Google fixed an out-of-bounds write flaw (CVE-2020-15965) in V8, an open-source JavaScript engine developed by The Chromium Project for Google Chrome and Chromium web browsers. The flaw could allow a remote attacker to potentially perform out-of-bounds memory access via a crafted HTML page.

Google said that there are currently no reports of these vulnerabilities being exploited in the wild. The company urged Chrome users to apply the stable channel update to vulnerable systems immediately, and reminded users “not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.”

Last month, Google fixed various severe vulnerabilities in its web browsers, including a bug in Google’s Chromium-based browsers that could allow attackers to bypass the Content Security Policy (CSP) on websites, in order to steal data and execute rogue code. Google also fixed a high-severity Chrome vulnerability that could be used to execute arbitrary code, in August.