Technology giant Google has issued today a Chrome update to highlight three security bugs, including a zero-day flaw that is being vigorously abused in the wild.

Full information about these attacks are not yet revealed, and it’s not known how this bug is being used against Chrome users.

It is well-known that Clement Lecigne, a member of Google’s Threat Analysis Group, exposed the attacks last week, on February 18, by a division at Google that probes and tracks threat actor groups.

Fixes for this zero-day have been issued part of Chrome version 80.0.3987.122.

The zero-day is followed under the identifier of CVE-2020-6418, and is labeled only as a “type confusion in V8.”

V8 is Chrome’s module that’s responsible for processing JavaScript code.

A type misperception refers to coding bugs during which an app starts data implementation operations using input of a precise “type” but is deceived into treating the input as a different “type.”

The “type confusion” results in rational mistakes in the app’s memory and can lead to circumstances where an attacker can run unhindered malicious code inside an application.

This is the third Chrome zero-day that has been abused in the wild in the past year.

Google repaired the first Chrome zero-day in March last year (CVE-2019-5786 in Chrome 72.0.3626.121), and then a second in November (CVE-2019-13720 in Chrome 78.0.3904.8).

Chrome v80.0.3987.122 also offer two additional security updates, but these have not been abused in the wild.

Leave a Reply

Your email address will not be published. Required fields are marked *