Technology Google patches Chrome zero-day under active attacks

09:40  26 february  2020
09:40  26 february  2020 Source:   zdnet.com

Chrome OS to soon support Android-inspired gesture controls

  Chrome OS to soon support Android-inspired gesture controls Over the weekend, Android Police reported that Chrome OS 80, a version of the operating system currently in beta, will support a gesture-based navigation system which will make the OS more usable by tablet users. In an Android 10-like fashion, Chrome OS is getting a collection of gesture controls with which people can use to navigate the system sans keyboard.In an Android 10-like fashion, Chrome OS is getting a collection of gesture controls with which people can use to navigate the system sans keyboard. As a result, a wider range of handheld mobile devices will actually be able to effectively use the Google-made OS.

Google revealed yesterday that a patch for Chrome last week was actually a fix for a zero - day that was under active attacks . According to an update to its original announcement and a tweet from Google Chrome 's security lead, the patched bug was under active attacks at the time of the patch .

New Chrome 0 - day Bug Under Active Attacks – Update Your Browser Now! With the release of Chrome 78.0.3904.87, Google is warning billions of users to install an urgent software update immediately to patch two high severity vulnerabilities, one of which attackers are actively exploiting

Google has released today a Chrome update to address three security bugs, including a zero-day vulnerability that is being actively exploited in the wild.

a close up of a computer © ZDNet

Details about these attacks are not yet public, and we don't know how this bug is being used against Chrome users.

All we know is that the attacks were discovered last week, on February 18, by Clement Lecigne, a member of Google's Threat Analysis Group, a division at Google that investigates and tracks threat actor groups.

Chrome and YouTube will banish ads from the middle of short videos

  Chrome and YouTube will banish ads from the middle of short videos Cracking down on annoying ads means people block them less, Google says.It's part of a gradual ad crackdown at Google, which wants to keep people from getting annoyed by the web even as it relies on advertising revenue to fuel its own enormous business. YouTube generated $15 billion in revenue in Google's most recent quarter.

Zero - day vulnerability was patched after security researchers discovered it being exploited in the wild. Engineers at Google have released an urgent update for the company's Chrome browser which patches an actively exploited zero - day vulnerability.

Users of the Chrome web browser are being urged to update their browsers as a zero - day vulnerability is being actively exploited. Google has revealed that the cause of last week’s CVE-2019-5786 update was the uncovering of a zero - day exploit which is actively under attack .

Patches for this zero-day have been released part of Chrome version 80.0.3987.122. The update is available for Windows, Mac, and Linux users, but not Chrome OS, iOS, and Android.

The zero-day is tracked under the identifier of CVE-2020-6418, and is described only as a "type confusion in V8."

V8 is Chrome's component that's responsible for processing JavaScript code.

A type confusion refers to coding bugs during which an app initializes data execution operations using input of a specific "type" but is tricked into treating the input as a different "type."

The "type confusion" leads to logical errors in the app's memory and can lead to situations where an attacker can run unrestricted malicious code inside an application.

Third Chrome zero-day in the past year

This is the third Chrome zero-day that has been exploited in the wild in the past year.

One of the coolest Pixel 4 features might be coming to Chrome soon

  One of the coolest Pixel 4 features might be coming to Chrome soon The Pixel 4 might not have been Google's most impressive smartphone offering, but it did introduce a few of the more intriguing features we have seen on a Google smartphone. One of the features was Live Caption, which automatically captions any media playing on the phone, including videos, podcasts, and audio messages. Live Caption is currently only available on select Pixel models, but a similar feature is seemingly in the works for Chrome. AsAs noted by Chrome Unboxed this week, the following commit from the Chromium Gerrit repository suggests that the Chrome team is looking to bring the mobile-only feature to its web browser as well:

Google Chrome ’s security lead has warned all the Chrome web browser (Windows, Mac, and Linux) users to update their applications to Google also updated its original announcement to include the information that the March 1 ’s patch was actually a fix for a zero - day under active attacks .

It has been reported that Google revealed that a patch for Chrome last week was actually a fix for a zero - day that was under active attacks . The attacks exploited CVE-2019-5786, a security flaw and the only patch included in the Chrome 72.0.3626.121 version, released last Friday, March 1 , 2019.

Google patched the first Chrome zero-day in March last year (CVE-2019-5786 in Chrome 72.0.3626.121), and then a second in November (CVE-2019-13720 in Chrome 78.0.3904.8).

We will update this article if Google shares more information about the recent attacks. In the meantime, users are advised to update Chrome as soon as possible.

Chrome v80.0.3987.122 also comes with two additional security updates; however, these have not been exploited in the wild.

Chrome: Google pauses publication of new main versions - Update: Chrome 82 is no longer available .
© Provided by Martin Geuss (Blog Dr. Windows) Google Chrome Actually, the next main version of Google's own browser would have appeared yesterday with Chrome 81.0, instead it got the current version is only a security update. Due to the current situation around the corona virus, the developers have decided not to publish any major updates until further notice and to restrict maintenance to the current Chrome 80.0 with security updates until the general situation improves again.

—   Share news in the SOC. Networks

Topical videos:

usr: 3
This is interesting!