Heap buffer overflow vulnerability in Google Chrome

  • CERT Admin
  • Tue Nov 03 2020
  • Alerts

Systems Affected

Google Chrome versions prior to 84.0.4147.135


Overview

The vulnerability allows an attacker to execute arbitrary code on the targeted system.


Description

Google Chrome is a widely used web browser that is available for both Windows and Mac operating systems. A vulnerability has been discovered in Google Chrome that can be used to execute arbitrary code. A successful exploit of this vulnerability allows an attacker to execute arbitrary code in the context of the web browser. Depending on the privileges given to the application, an attacker could view, change, or delete data.

This vulnerability can be exploited if a user visits, or is redirected to, a specially crafted web page.


Impact

✻ Exposing private information to unauthorized parties

✻ Malware infections

✻ Modifications to system files


Solution/Workarounds

✻ Apply the security updates described at the link below: https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_18.html

✻ Run software as a non-privileged user (without administrator privileges)


References

✻ https://www.cisecurity.org/advisory/a-vulnerability-in-teamviewer-cloud-allow-for-offline-password-cracking_2020-106/

✻ https://www.cert-in.org.in/


Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.


Last updated: Tue Nov 03 2020