Friday, October 23, 2020 10:00 AM (GMT + 7)
A serious security flaw in Chrome allows hackers to hijack computers by remotely executing arbitrary code, taking control of and penetrating deeply into victims' machines.
Vietnam Cyber Security Joint Stock Company recently issued a warning about a serious security hole in Chrome, the most popular free web browser in Vietnam today. The vulnerability is tracked as CVE-2020-15999 and allows hackers to hijack a computer by remotely executing arbitrary code, taking control of and penetrating deeply into the victim's machine. At the time it was reported to the vendor, it was rated a zero-day: an unpatched, high-severity critical vulnerability.
The vulnerability was discovered and reported by security researcher Sergei Glazunov of Google Project Zero on October 19. The vendor had 7 days to patch it under the policy on exploited vulnerabilities announced by Google.
Specifically, this is a buffer overflow vulnerability in FreeType, a popular open-source software development library that supports displaying different fonts in this browser, the most popular in Vietnam.
To exploit this vulnerability, hackers pass PNG images with a width or height greater than 65535 to libpng (FreeType's library). The problem is that libpng only uses 32-bit values, so an image of such a large size causes a buffer overflow.
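As an added example (not from the article, VSEC, or the FreeType project), the Python code below scans a byte buffer for PNG headers and flags any whose width or height exceeds 65535, the threshold described above. The function names and sample bytes are constructed for illustration; the `width16`/`height16` fields show what a 16-bit field would keep of each 32-bit value, which is an assumption about how an oversized dimension goes wrong, not something the article states.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
MAX_DIM = 65535  # threshold from the article; also the largest 16-bit value


def find_oversized_pngs(blob: bytes) -> list:
    """Report every embedded PNG whose IHDR width or height exceeds MAX_DIM."""
    findings = []
    pos = blob.find(PNG_SIG)
    while pos != -1:
        # After the signature: length(4) + type(4) + IHDR data(13) + CRC(4).
        chunk = blob[pos + 8:pos + 33]
        if len(chunk) == 25 and chunk[:8] == b"\x00\x00\x00\rIHDR":
            width, height = struct.unpack(">II", chunk[8:16])
            if width > MAX_DIM or height > MAX_DIM:
                stored_crc = struct.unpack(">I", chunk[21:25])[0]
                findings.append({
                    "offset": pos,
                    "width": width,
                    "height": height,
                    # Assumption: what a 16-bit field would keep of each value.
                    "width16": width & 0xFFFF,
                    "height16": height & 0xFFFF,
                    "crc_ok": zlib.crc32(chunk[4:21]) == stored_crc,
                })
        pos = blob.find(PNG_SIG, pos + 1)
    return findings


def make_png_header(width: int, height: int) -> bytes:
    """Constructed sample: PNG signature plus an IHDR chunk only (no image data)."""
    body = b"IHDR" + struct.pack(">IIBBBBB", width, height, 8, 6, 0, 0, 0)
    return PNG_SIG + struct.pack(">I", 13) + body + struct.pack(">I", zlib.crc32(body))


# Constructed input: padding, a normal header, padding, an oversized header.
SAMPLE = b"\x00" * 16 + make_png_header(640, 480) + b"pad" + make_png_header(65537, 32)

if __name__ == "__main__":
    for finding in find_oversized_pngs(SAMPLE):
        print(finding)
```

A header that passes this check can still be malformed in other ways; the scan covers only the dimension condition the article names.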
By taking advantage of this error, hackers can remotely execute arbitrary code to control the victim's computer and view sensitive information. It is even more dangerous if the victim's computer sits on a business's internal network: it can become a gateway for hackers to break into the organization's IT system, disrupt it, or steal confidential information.
The vendor said it had developed an emergency patch to address the issue on October 20 with the release of FreeType 2.10.4. A Google Chrome representative also said that this patch has been included in the latest version.
In addition to the FreeType zero-day vulnerability, Google also patched four other flaws in the latest Chrome update. Three of them are high-risk vulnerabilities (an inconsistent implementation bug in Blink, a bug in Chrome's media component, and bugs in PDFium), and one is a medium-severity flaw in the browser's print function.
Security experts from VSEC Vietnam Cyber Security Joint Stock Company recommend that users update Chrome to the latest version, which fixes the above vulnerabilities. Although Chrome automatically notifies users when a new version is available, users should trigger the update manually by going to "Help → About Google Chrome" from the menu.
In the global browser market, Google Chrome still dominates with a 69.18% market share; in Vietnam alone, this figure is over 70%. This is not hard to understand, given Chrome's rich extension store, fast page loading speed, ability to synchronize data across multiple devices, and so on.