Cybersecurity specialists have disclosed six security vulnerabilities in Google Chrome, one of the world’s most popular Internet browsers. Successful exploitation of these flaws could enable a number of malicious scenarios.
Below is a brief description of the reported vulnerabilities, along with their CVE tracking identifiers and their scores under the Common Vulnerability Scoring System (CVSS).
CVE-2020-6493: This is a use-after-free vulnerability that exists due to an error in the WebAuthentication component of Google Chrome. A threat actor could redirect victims to a malicious website to exploit the vulnerability and execute arbitrary code on the system.
This flaw received a score of 7.7/10, so it is considered high severity.
CVE-2020-6494: This vulnerability exists due to insufficient validation of user input in the payments component of Google Chrome. Threat actors can create a specially crafted website, trick the victim into visiting it and spoof its content.
This is a high severity flaw, as it received a score of 7.1/10 on the CVSS scale.
CVE-2020-6495: This flaw exists due to insufficient policy enforcement in the developer tools in Chrome. A remote attacker could redirect victims to websites with malicious content to bypass security measures and compromise the affected system.
The flaw received a score of 7.7/10, so it is considered a high severity vulnerability.
CVE-2020-6496: This flaw exists due to a use-after-free error in the payments component of Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger the use-after-free bug and execute arbitrary code on the target system.
This flaw also received a score of 7.7/10, so it is considered a high severity flaw.
CVE-2020-6497: This vulnerability exists due to insufficient Omnibox policy enforcement in Google Chrome and allows attackers to bypass security restrictions on the system. Attackers can trick the victim into visiting a specially crafted website, bypass implemented security measures and gain access to sensitive information.
This is a medium severity vulnerability and received a score of 4.7/10 on the CVSS scale.
CVE-2020-6498: This flaw exists due to insufficient validation of user-supplied progress input displayed in Google Chrome. A remote attacker can create a specially crafted website, trick the victim into visiting it and spoof the content of the website.
The flaw received a score of 4.7/10 on the CVSS scale, so it is considered a medium severity flaw.
Although the flaws can be exploited remotely by unauthenticated attackers, there is no exploit for them. Google has already released the corresponding updates, so users only need to verify that the updates are installed.