Published: February 26, 2020 on our newsletter Security Fraud News & Alerts Newsletter.
On the heels of a major zero-day flaw at the end of 2019 in Google’s Chrome browser, nips three major issues rated high-severity. One of them is being exploited in the wild. The most severe of these could allow at attacker to execute arbitrary code in the browser, obtain sensitive information from the machine, and bypass security restrictions. None of these are good.
Right now, take a minute and update all of your Google Chrome browsers. This means on your desktop (if you still have one), your laptop, tablet, and any mobile device you have. It’s pretty easy to do. On a desktop or laptop, check Chrome > About Google Chrome and you can see what version you have. If it’s earlier than 80.0.3987.122, it’s out of date and needs to be updated now. To make sure the update takes effect, close the browser and re-open it. If it hasn’t automatically updated, click on the link to update it and Voilà! On mobile devices, check your app store for the latest version and apply it.
The three flaws making the news today are:
CVE-2020-6407 – Out of bounds memory access in streams
CVE-2020-6418 – Type confusion in V8
Integer Overflow in ICU
This last one could allow an attacker to execute arbitrary code by creating a specially crafted web page and luring victims to it. Always be on the lookout for phishing in all its forms, including fake web pages. If you end up at an unfamiliar web page or one you didn’t intend to land on, close it and try again. If you are not 100% sure it’s where you need to be, don’t enter information into it and never click links in email messages that you aren’t expecting, come from unfamiliar persons, or that just don’t seem legitimate in some way. To be safe, contact the sender by voice or text, or some other way independent of replying to an email and ask for confirmation.
Google has stated it is aware that CVE-2020-6418 is being actively exploited. Therefore, don’t delay. Get those updates applied now.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at firstname.lastname@example.org