Overview Recently, NSFOCUS CERT found that Google officially fixed a zero-day exploit (CVE-2023-5217), which was caused by the heap buffer overflow in the VP8 encoding of the open source libvpx video codec library. An attacker could use this vulnerability to execute arbitrary code on the target system. At present, this...
Tag: Google Chrome
Google Chrome Heap Buffer Overflow Vulnerability (CVS 2023-4863) Notification
Overview Recently, NSFOCUS CERT found that Google officially fixed a heap buffer overflow vulnerability (CVE-2023-4863). Due to a flaw in the WebP module, an attacker triggered the vulnerability by inducing users to visit a malicious website, which ultimately led to arbitrary code execution on the target system. At present, it...
Multiple Security Vulnerabilities in Google Chrome
Overview Recently, NSFOCUS CERT detected that Google Chrome officially released a security bulletin, which fixed multiple security vulnerabilities. The key vulnerabilities are as follows: Google Chrome use-after-free vulnerability (CVE-2023-0927): Due to a use-after-free flaw in the Web Payments API in Google Chrome, a remote attacker capable of compromising the renderer...
Google Chrome V8 Type Confusion Vulnerability (CVE-2022-4262) Alert
Overview On December 5, NSFOCUS CERT found that Google officially released a type confusion vulnerability (CVE-2022-4262) in Google Chrome V8. A type confusion error occurs because a program uses one type of method to allocate or initialize a resource, such as a pointer, object, or variable, but then accesses that...
Google Chrome Remote Code Execution Vulnerability (CVE-2022-3723) Alert
Overview Recently, NSFOCUS CERT monitored that Google Chrome has officially released a security bulletin and fixed a remote code execution vulnerability in Chrome V8 (JavaScript engine). Due to a type confusion vulnerability in Chrome V8, a remote attacker could exploit the vulnerability to execute arbitrary code on the target system....
Google Chrome Releases Updates for Remediation of the Zero-day Vulnerability (CVE-2020-6418) Threat Alert
Overview On February 24, local time, Google released updates for fixing multiple vulnerabilities existing in the desktop Chrome browser, including the high-risk CVE-2020-6418 vulnerability that has been exploited by attackers in the wild. CVE-2020-6418 is a type confusion vulnerability in V8, which is Google Chrome's open-source JavaScript and WebAssembly engine....
