Google Chrome has a serious zero-day error, and hackers can execute malicious code at its fullest
On Monday, security researchers revealed a critical zero-day security vulnerability in Chromium kernel browsers running on Windows, Mac and Android. This vulnerability allows hackers to bypass Content Security Policy (CSP) rules released in Chrome 73.
The vulnerability, codenamed CVE-2020-6519, is rated 6.5 on the danger scale of CVSS. Once the CSP passes, the hacker will be able to run any malicious code on the victim's website.
Popular websites like Facebook, Wells Fargo, Zoom, Gmail, WhatsApp, Investopedia, ESPN, Roblox, Indeed, TikTok, Instagram, Blogger, and Quora can all be hacked with this vulnerability.
In fact, Tencent Security Xuanwu Lab discovered the CVE-2020-6519 vulnerability more than a year ago, just a month after Chrome 73 was launched with CSP. However, no one noticed and fixed it until PerimeterX Center discovered it again and reported it earlier this March.
After receiving the notification, the Google Chrome development team has fixed the CVE-2020-6519 vulnerability in the Chrome 84 update released on July 14.
CSP is an additional layer of security that detects and mitigates certain types of attacks, including Cross-Site Scripting (XSS) attacks and data injection attacks. With the CSP, the website can ask the browser to perform certain checks to prevent files containing malicious code.
Therefore, when the hacker gets past the CSP, the user's data will be threatened.
In addition to the CVE-2020-6519 vulnerability patch, the Chrome 84 update also fixes 15 other security holes. Among them, 12 were rated as high risk and 2 were low risk.
To avoid risk, experts recommend that users update their browser to the latest version. Currently, on the market, Google Chrome, Opera, Coc Coc and Microsoft Edge are using Chromium kernel.
You should read it
- Google launched Chrome 33, patched 7 new security bugs
- Google released Google Chrome 26
- Google put a hand on the tool bar on Chrome
- Google Chrome is now 23% faster, have you tried it?
- 8 best Chromium browsers to replace Chrome
- Google Chrome temporarily prevents sideload of extensions
- Download Chrome 12: Browse with amazing speed
- Will Microsoft Edge new version be the real rival of Google Chrome? Maybe very much!
- Chrome 16 launches with 'standalone' feature
- Chrome 63 protects from malicious pages better, will also consume more memory
- The latest ways to fix faulty Google Chrome 2022
- New browsers to replace Chrome you should try today
Maybe you are interested
There is a serious security vulnerability that has existed for 18 years in AMD processors, but it is not too worrying
A dangerous vulnerability that has existed for 18 years threatens millions of AMD Ryzen and EPYC CPUs
Google Workspace security vulnerability caused thousands of user accounts to be attacked
Thousands of iOS apps could be at risk because of an open source vulnerability
Serious vulnerability in OpenSSH threatens millions of servers
Google releases emergency update to patch Chrome vulnerability