Release of two zero-day vulnerabilities for Google Chrome browser

After releasing version 78 of Google Chrome browser, two high-sensitivity zero-day vulnerabilities for this browser were announced by two engineers from Kaspersky.
Immediately, Google released version 78.0.39 to fix the issue. The vulnerabilities are of use after free type and may cause remote code execution attack.
This vulnerability is caused by memory corruption and occurs when one program seeks to use the memory space allocated to another program after release. This scenario usually causes the program to crash, but sometimes has worse consequences such as remote code execution attack.
This security hole is of use after free bugs and has been discovered in Chrome's audio component. According to surveys, this zero-day vulnerability has been exploited to install malware on users' devices.
If you use Google Chrome browser on your mobile phone, it is recommended to update this software as soon as possible.
 

Navigation