December 2, 2022

TheCyberThrone

Thinking Security ! Always

Google Dev Channel has a RCE vulnerability

The WebAssembly and V8 JavaScript engine used in both the browsers of Google Chrome and Chromium recently patched critical remote code execution vulnerability.

Successful exploitation of the issue could allow an attacker to implement arbitrary code when it comes to the browser due to a use-after-free vulnerability in the instruction optimization component.

Advertisements

Google was informed about the bug in Chrome 101’s Dev channel. The bug has since been silently fixed.

Researchers explains, It occurs during instruction selection stage when the wrong instruction is selected, leading to an exception during memory access.

When previously-freed memory is accessed, use-after-free vulnerabilities can result an unexpected behavior and cause a program to crash, make use of data that is corrupted, or even execute arbitrary code.

It is more concerning that a specially designed website can exploit the flaw remotely to bypass security restrictions and run arbitrary code to compromise the system.

Google does not assign CVE IDs to vulnerabilities that are found in non-stable Chrome channels.

Advertisements

To ensure their applications are compatible with the latest Chrome features and API changes, Chrome users, especially developers, should update to the latest version available.

In 2021, Google fixes nearly 7 similar kind of use-after-free bugs.

%d bloggers like this: