Google Chrome Heap Buffer Overflow Vulnerability (CVE-2023-5217) Notification
October 1, 2023
Overview Recently, NSFOCUS CERT found that Google officially fixed a zero-day exploit (CVE-2023-5217), which was caused by the heap buffer overflow in the VP8 encoding of the open source libvpx video codec library. An attacker could use this vulnerability to execute arbitrary code on the target system. At present, this vulnerability has been exploited in […]
Google Chrome Heap Buffer Overflow Vulnerability (CVS 2023-4863) Notification
September 13, 2023
Overview Recently, NSFOCUS CERT found that Google officially fixed a heap buffer overflow vulnerability (CVE-2023-4863). Due to a flaw in the WebP module, an attacker triggered the vulnerability by inducing users to visit a malicious website, which ultimately led to arbitrary code execution on the target system. At present, it has been detected that the […]
Multiple Security Vulnerabilities in Google Chrome
February 28, 2023
Overview Recently, NSFOCUS CERT detected that Google Chrome officially released a security bulletin, which fixed multiple security vulnerabilities. The key vulnerabilities are as follows: Google Chrome use-after-free vulnerability (CVE-2023-0927): Due to a use-after-free flaw in the Web Payments API in Google Chrome, a remote attacker capable of compromising the renderer process could exploit a heap […]
Google Chrome V8 Type Confusion Vulnerability (CVE-2022-4262) Alert
December 6, 2022
Overview On December 5, NSFOCUS CERT found that Google officially released a type confusion vulnerability (CVE-2022-4262) in Google Chrome V8. A type confusion error occurs because a program uses one type of method to allocate or initialize a resource, such as a pointer, object, or variable, but then accesses that resource with another method that […]
Google Chrome Remote Code Execution Vulnerability (CVE-2022-3723) Alert
October 31, 2022
Overview Recently, NSFOCUS CERT monitored that Google Chrome has officially released a security bulletin and fixed a remote code execution vulnerability in Chrome V8 (JavaScript engine). Due to a type confusion vulnerability in Chrome V8, a remote attacker could exploit the vulnerability to execute arbitrary code on the target system. At present, the official has […]
Google Chrome Releases Updates for Remediation of the Zero-day Vulnerability (CVE-2020-6418) Threat Alert
March 16, 2020
Overview
On February 24, local time, Google released updates for fixing multiple vulnerabilities existing in the desktop Chrome browser, including the high-risk CVE-2020-6418 vulnerability that has been exploited by attackers in the wild.
CVE-2020-6418 is a type confusion vulnerability in V8, which is Google Chrome’s open-source JavaScript and WebAssembly engine. This vulnerability was discovered and reported by Clement Lecigne of Google’s Threat Analysis Group. (more…)
