“By persuading a victim to visit a specially crafted website, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial-of-service condition on the system,” according to the report.įurther details are scant because “access to bug details and links may be kept restricted until a majority of users are updated with a fix,” according to Google. Use-After-Free Zero-Day FlawĪccording to an IBM X-Force vulnerability report, the flaw could allow a remote attacker to execute arbitrary code on the system. If after freeing a memory location, a program does not clear the pointer to that memory, an attacker can use the error to hack the program, according to a description of the vulnerability. It’s a use-after-free vulnerability, which relates to incorrect use of dynamic memory during program operation. The flaw (CVE-2021-21193) ranks 8.8 out of 10 on the CVSS vulnerability-rating scale, making it high-severity. 90 for Windows, Mac and Linux which will roll out over the coming days/weeks,” according to Google’s Friday security update. Browser engines convert HTML documents and other web page resources into the visual representations viewable to end users. The vulnerability exists in Blink, the browser engine for Chrome developed as part of the Chromium project. If exploited, the flaw could allow remote code-execution and denial-of-service attacks on affected systems. Google is hurrying out a fix for a vulnerability in its Chrome browser that’s under active attack – its third zero-day flaw so far this year.
0 kommentar(er)
