The Chrome team disclosed a serious vulnerability in the V8 JavaScript engine, related to out-of-bounds memory read and write issues. This vulnerability could allow attackers to execute malicious code simply by tricking users into visiting compromised web pages. In addition to this critical issue, the latest Chrome update resolves a medium-severity use-after-free memory bug in Blink, the browser's rendering engine, which was reported by a researcher who earned a $1,000 bounty for their discovery. Google plans to restrict access to further details about the bug until sufficient user updates have been deployed.
The vulnerability can likely be triggered remotely by users simply visiting web pages that load maliciously crafted code.
Access to bug details and links may be kept restricted until a majority of users are updated with a fix.
The new Chrome update also fixes a medium-severity use-after-free memory bug in Blink.
A researcher received a $1,000 bounty for privately reporting this vulnerability.