- In addition to two moderate bugs, Google also fixed a very serious zero-day bug for Chrome.
- The vulnerability is likely related to a LibANGLE buffer overflow, which could allow memory corruption and remote code execution.
- This is the eighth zero-day patch for Chrome this year and highlights the ongoing attacks affecting the browser.
Google recently updated its Chrome browser to protect it against a high-profile security flaw, a so-called zero-day vulnerability.
In a security advisory published earlier this week, the browser giant said it had fixed three bugs for Chrome, including two of moderate severity and one of high severity.
Regarding the high-severity bug, Google stated that it is “aware of the existence of an exploit in the wild.” No further details have been revealed, in order to protect users while the patch is rolled out. This is a common practice at Google, which stores important data about users, as well as cybercriminals and other hackers.
Browser crashes
The exact date when the patch is expected to be released is unknown. Google has confirmed that it will be available to most users “in the coming days/weeks”. The stable channel has been updated to 143.0.7499.109/.110 for Windows/Mac and 143.0.7499.109 for Linux, and when we checked, the update was already installed.
There is no official confirmation of the origin of the bug, but according to Chromium’s bug ID, it was found in Google’s open source library LibANGLE, BleepingComputer reports. LibANGLE is a translation layer that converts OpenGL ES calls to other graphics APIs, usually Direct3D on Windows. This allows browsers and applications to run WebGL and OpenGL ES content even if the operating system does not support these APIs.
The same source states that the bug is most likely a buffer overflow vulnerability in ANGLE’s Metal renderer, caused by an incorrect buffer size. Criminals could have exploited this flaw to corrupt memory, crash the browser, expose sensitive data, or even remotely execute arbitrary code.
This is the eighth zero-day vulnerability that Google has fixed in its Chrome browser this year. Last year, the company fixed ten of these vulnerabilities.
Web browsers are among the most used software components on a computer and are therefore always the target of various hacking campaigns.
IN BeepTeam
