Google Chrome v80.0.3987.122 fixes 3 security flaws, CVE-2020-6418 exists in the wild

The Google Chrome development team has now launched the Chrome stable channel update for desktop, v80.0.3987.122. This version is an emergency update, mainly to fix a known zero-day vulnerability.

The development team stated in a blog that this vulnerability (CVE-2020-6418) is located in the Google Chrome V8 engine and “Google is aware of reports that an exploit for CVE-2020-6418 exists in the wild.”

Based on security considerations, Google has not directly disclosed the details of this vulnerability, and Google will not announce the details until most subsequent users have upgraded the new version.

Although the current vulnerability has not been made public, some researchers have researched the vulnerability. According to the current analysis results, vulnerability mainly causes memory corruption.

The V8 engine is an important component of Google Chrome and is mainly responsible for processing various JavaScript scripts. At the same time, the V8 engine is also an important component that is open-sourced by Google.

When processing the data, the V8 engine first determines the data type and then performs targeted processing, but some researchers have found that the V8 engine may sometimes incorrectly identify the type.

When an attacker produces targeted data and obfuscates it, he can fool the V8 engine. The engine crashes when it encounters a memory logic error while processing related data.

At this point, the attacker can execute arbitrary code to threaten the security of the user. This is also the vulnerability that Google evaluates as a high-risk vulnerability.

At present, Google has begun to push the repaired new version to users. If users have not upgraded the new version, they should immediately check for updates and upgrade the new version to ensure security.