Fri. Jul 10th, 2020

CVE-2020-6457: Google Chrome Use-After-Free Vulnerability Alert


Google pushed Chrome version 81.0.4044.113 to the stable channel last week. Most users have now upgraded, so Google has announced the details of some of the vulnerabilities.

One of these vulnerabilities is the use-after-free (UAF) vulnerability CVE-2020-6457, reported by Qihoo 360, which involves serious memory corruption. A use-after-free occurs when a program references memory after it has been freed, which can cause the program to crash, use unexpected values, or execute code.

The vulnerability is in the speech recognition component of Google Chrome. According to Google's description, it also involves a third-party component library, so Google is withholding further information.

Google is concerned that disclosure could cause security problems if the third-party component library has not yet fixed the vulnerability, so it has given only a brief description of the issue.

According to Google's report, the vulnerability affects Chrome for Windows, Linux, Mac, and Android, while versions such as ChromeOS are not affected.

Users of Google Chrome should keep automatic updates enabled and not disable the automatic update service. To see the installed version, open Help > About Google Chrome.
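
For administrators checking more than one machine, the version check above can be run over an inventory export. This is an added example, not code from the article or from Google: the inventory format and host names are constructed, and it assumes the build number 81.0.4044.113 is the threshold on every affected platform. Versions are compared as integer tuples, because a plain string comparison would rank 81.0.4044.9 above 81.0.4044.113.

```python
import re

FIXED = (81, 0, 4044, 113)  # stable build named in the article (assumed threshold for all platforms)
AFFECTED = {"windows", "linux", "mac", "android"}  # platforms listed as affected
NOT_AFFECTED = {"chromeos"}                        # listed as not affected

# Constructed sample inventory: host, platform, version string reported by the browser.
SAMPLE_INVENTORY = """\
ws-001,windows,Google Chrome 81.0.4044.113
ws-002,windows,Google Chrome 81.0.4044.92
lt-014,mac,Google Chrome 80.0.3987.163
srv-03,linux,Google Chrome 81.0.4044.9 beta
ph-220,android,Chrome 81.0.4044.117
cb-007,chromeos,Google Chrome 80.0.3987.162
ws-099,windows,unknown
"""

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Return the four-part Chrome version as a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def classify(platform, version_text):
    """Map one inventory record to a triage status."""
    platform = platform.lower()
    if platform in NOT_AFFECTED:
        return "not-affected"
    version = parse_version(version_text)
    if platform not in AFFECTED or version is None:
        return "unknown"  # unparseable records need a manual check
    return "patched" if version >= FIXED else "needs-update"

def triage(inventory):
    """Classify every non-empty line of a host,platform,version listing."""
    results = {}
    for line in inventory.splitlines():
        if line.strip():
            host, platform, version_text = (f.strip() for f in line.split(",", 2))
            results[host] = classify(platform, version_text)
    return results

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:8} {status}")
```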