Call us today on: +44 (0)203 88 020 88
SecureTeamSecureTeamSecureTeamSecureTeam
  • Home
  • Our Services
    • Infrastructure Testing
      • Internal Network Penetration Test
      • External Network Penetration Test
      • Vulnerability Assessment
    • Web Application Penetration Test
    • Configuration Review
      • Windows Build Review
    • Information Assurance
      • ISO 27001 Gap Analysis
    • Cyber Essentials Certification
  • News
  • Articles
  • About
    • About SecureTeam
    • Cookie Policy
    • Privacy Notice
    • Website Terms & Conditions
    • White-Label Consultancy
    • Jobs
  • Contact Us

News

Home  >  News  >  Vulnerabilities  >  Critical Chrome RCE vulnerability patched
NextPrevious
Google Chrome vulnerability patched

Critical Chrome RCE vulnerability patched

News, Vulnerabilities | 2 October, 2019 | 0

Google is rolling out a critical patch for their Chrome browser in order to fix four serious vulnerabilities including one which enables arbitrary code execution on the system simply by visiting a specially crafted webpage – with no other user interaction required.

Google is not releasing details of the vulnerabilities, other than to say they are all ‘use after free’ coding defects, until the majority of the installed user base has updated to the patched version of Chrome.

A ‘use after free’ flaw is a type of coding mistake where a program attempts to use an allocation of memory, such as an object created in a C++ program, after it has been released (or freed) by another part of the application. This can either result in a crash or, if the memory in question has been manipulated by an attacker, cause arbitrary code to be executed.

Google states that:

Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

The fix is in version 77.0.3865.90 of the stable release channel for Windows, Mac, and Linux for desktop.  You can check the current version of Chrome by clicking Help -> About Google Chrome

Administrators that have disabled Chrome auto-updates should consider updating to resolve these vulnerabilities.

 

 

Subscribe to our monthly cybersecurity newsletter
Stay up-to-date with the very latest cybersecurity news & technical articles delivered straight to your inbox
We hate spam as much as you do. We will never give your email address out to any third-party.
Chrome, web browsers

Related Post

  • microsoft patch tuesday december

    Death by PowerPoint and other vulnerabilities

    By Mark Faithfull

    Microsoft’s December 2018 patch Tuesday release includes fixes for several critical vulnerabilities including one in PowerPoint which affects all versions since PowerPoint 2010. The PowerPoint bug (CVE-2018-8628) would allow an attacker to create a specially-craftedRead more

  • sennheiser headphones vulnerability

    Sennheiser headphone bug highlights certificate vulnerability

    By Mark Faithfull

    A recent vulnerability in Sennheiser’s headphone management utility illustrates the risk of unexpected additions to the Microsoft windows certificate store. During installation, the Sennheiser software installed a self-signed root certificate into the computer’s trusted rootRead more

  • safe and secure browser cookies

    How to make the perfect cookies

    By Ian Reynolds

    Browser cookies play an important role in nearly all modern websites and applications. From tracking user-interaction through services like Google Analytics, through to maintaining the state of customer shopping carts in eCommerce applications. Cookies canRead more

NextPrevious

Recent Posts

  • The Costs of Cyber Attacks on UK Small Businesses
  • The true cost of malware incidents
  • The rise of ransomware attacks in 2019
  • JIRA Sys Admin jailed for 25 years
  • Malware shifting from MS Office to OpenOffice

Tags

blockchain Bluetooth Botnet Chrome Cisco Confluence CREST cyber crime cyber essentials cyber security cyber security news Data Protection Dell DHCP DNS Ethereum Exchange Server exim formjacking GDPR Hadoop Jira Linux Magecart Meltdown microsoft Mirai OpenOffice patching PDF penetration testing phishing RDP Row Hammer security breach security testing Spectre supply chain attacks Sysinternals Tomcat UK Law vulnerability management web applications web browsers wireless

Archives

  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • July 2018
  • June 2018
  • April 2018
  • January 2018
  • October 2017
BCS Cyber Essentials Cyber Essentials Cyber Essentials PLUS
information. secured.
  • Home
  • Our Services
    • Infrastructure Testing
      • Internal Network Penetration Test
      • External Network Penetration Test
      • Vulnerability Assessment
    • Web Application Penetration Test
    • Configuration Review
      • Windows Build Review
    • Information Assurance
      • ISO 27001 Gap Analysis
    • Cyber Essentials Certification
  • News
  • Articles
  • About
    • About SecureTeam
    • Cookie Policy
    • Privacy Notice
    • Website Terms & Conditions
    • White-Label Consultancy
    • Jobs
  • Contact Us
SecureTeam
SecureTeam use cookies on this website to ensure that we give you the best experience possible. If you continue to use our site we will assume that you are happy with cookies being used.OkRead more