Yandex Specialist Helps Fix Critical Vulnerability in Chrome and Other Browsers

A Yandex information security specialist has identified and helped eliminate a high-severity vulnerability in the Chromium project code, the foundation of many modern browsers. The flaw could have allowed attackers to execute actions within the browser and form part of complex attack chains.

The vulnerability was discovered in Google’s V8 engine, a component used in Google Chrome, Yandex Browser, Microsoft Edge, and other Chromium-based browsers. V8 is distributed under an open-source license, enabling developers worldwide to study, refine, and integrate the code into their own projects.

Yandex emphasizes that all third-party code integrated into its products and services undergoes mandatory security audits. This approach ensures a consistently high level of protection in the company’s developments.

During one such audit, the Yandex specialist uncovered the flaw and proposed a fix to the V8 development team. Google accepted the solution and incorporated it into the September update of the engine.

The vulnerability affected only certain versions of V8. Yandex clarified that its browser was running a version free of the flaw, leaving its users unaffected. All subsequent browser updates will already include the patched component.

The company also reminded users that it regularly issues Yandex Browser security updates, independent of Chromium’s release schedule. This practice enables timely remediation of threats and helps minimize risks.

Support Our Threat Intelligence

If you find our technology report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal Crypto

USDT (TRC20):

TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm Copy

USDT (ERC20):

0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce Copy