Skip to main content

Google Chrome issues critical security warning for 2 billion users: Here's the fix

posted onApril 20, 2020
by l33tdawg
Laptop Mag
Credit: Laptop Mag

Google revealed a "critical" security vulnerability in Chrome last weeks but remained tight-lipped about what exactly had gone wrong. We now have an idea, and "critical" is putting it lightly.

Sophos security researcher Paul Duckling wrote in a blog post that the fix in Chrome version 81.0.4044.113 patches a vulnerability that lets attackers avoid Chrome's usual security checks (via Tom's Guide). It also bypasses what Duckling calls "are you sure" dialog boxes -- those pop-ups that appear when you might be approving something you shouldn't.

The one detail Google provided in its security notice is that the bug is what's called a "use after free" exploit. These memory corruption vulnerabilities can be used by hackers to run malicious code by taking control of memory after it has been freed for other apps to use. In the case of this Chrome flaw, the use after free exploit would let a bad actor "change the flow of control inside your program, including diverting the CPU to run untrusted code that the attacker just poked into memory from outside," Duckling wrote.

Source

Tags

Security Industry News

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th