Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11Google Chrome has a serious zero-day error, and hackers can execute malicious code at its fullest
On Monday, security researchers revealed a critical zero-day security vulnerability in Chromium kernel browsers running on Windows, Mac and Android. This vulnerability allows hackers to bypass Content Security Policy (CSP) rules released in Chrome 73.
The vulnerability, codenamed CVE-2020-6519, is rated 6.5 on the danger scale of CVSS. Once the CSP passes, the hacker will be able to run any malicious code on the victim's website.
Popular websites like Facebook, Wells Fargo, Zoom, Gmail, WhatsApp, Investopedia, ESPN, Roblox, Indeed, TikTok, Instagram, Blogger, and Quora can all be hacked with this vulnerability.
In fact, Tencent Security Xuanwu Lab discovered the CVE-2020-6519 vulnerability more than a year ago, just a month after Chrome 73 was launched with CSP. However, no one noticed and fixed it until PerimeterX Center discovered it again and reported it earlier this March.
After receiving the notification, the Google Chrome development team has fixed the CVE-2020-6519 vulnerability in the Chrome 84 update released on July 14.
CSP is an additional layer of security that detects and mitigates certain types of attacks, including Cross-Site Scripting (XSS) attacks and data injection attacks. With the CSP, the website can ask the browser to perform certain checks to prevent files containing malicious code.
Therefore, when the hacker gets past the CSP, the user's data will be threatened.
In addition to the CVE-2020-6519 vulnerability patch, the Chrome 84 update also fixes 15 other security holes. Among them, 12 were rated as high risk and 2 were low risk.
To avoid risk, experts recommend that users update their browser to the latest version. Currently, on the market, Google Chrome, Opera, Coc Coc and Microsoft Edge are using Chromium kernel.
Isabella HumphreyYou should read it
- Google put a hand on the tool bar on Chrome
- Google Chrome is now 23% faster, have you tried it?
- 8 best Chromium browsers to replace Chrome
- Google Chrome temporarily prevents sideload of extensions
- Download Chrome 12: Browse with amazing speed
- Will Microsoft Edge new version be the real rival of Google Chrome? Maybe very much!
- Chrome 16 launches with 'standalone' feature
- Chrome 63 protects from malicious pages better, will also consume more memory
May be interested
- Detecting a Chrome extension infected with malicious code, stealing the password and the user's e-wallet key
zdnet, mega.nz reports - chrome's data sharing extension has been infected with malicious code. this malicious code has the ability to collect information about visitors' websites, account names, passwords and other data. - Malicious ad campaigns abuse Chrome to steal 500 million iOS user sessionsin recent times, many large malvertising attacks targeted ios users from the united states and many european union countries have been deployed.
- Microsoft put Windows Defender add-on on Google Chromemicrosoft has just released windows defender virus scanning tool on google chrome as a utility, including a list of infected urls that will be blocked in chrome.
- Xiaomi truth has installed malicious code in Xiaomi Mi4?security firm bluebox has discovered a few malicious applications that have been pre-installed on xiaomi mi 4, they are a google application aimed at advertising and trojans, helping hackers to control the phone remotely. ..
- New weapons against malicious code are 'cloud' computing.the 'cloud computing' model of remote server-based data processing and results returned to the pc will incorporate 10 antivirus engines and two hackers to detect hackers to prevent the malicious code.
- Detects two serious vulnerabilities on uTorrent that can help hackers execute malicious code or view download history on your computerhackers can take advantage of these two vulnerabilities to view the history of downloading or executing malware on a user's computer.
- Warning: The new Facebook virus, a malicious code that is spreading rapidly through Messengerfrom yesterday (december 18, 2017), a new type of malicious code has appeared and raged in vietnam. this malicious code is not too sophisticated but is spreading very fast through facebook messenger because it is sent from the friends in the friend list.
- Embed malicious code into PDF file without security errorattack on the system through malicious code embedded in pdf files whether users open with the latest version of adobe reader or foxit reader.
- How does malicious code break into user PC (Part 2)the previous article detailed how aggressive hackers infect malicious code and can see that these are extremely dangerous attack techniques.
- Hide malicious code in Windows logs file to attack computers, new ways of attack by hackershackers are constantly inventing new ways to attack corporate and user computer systems.
Attack the network
- Wsreset tool of Windows 10 Store was used by hackers to bypass anti-virus software
- The Joker malware once again bypassed Google's security, spreading strongly on the Play Store
- The 'gang' behind the Sodinokibi malware began auctioning celebrity data on the dark web
- Hackers can modify Safari on macOS to steal user data
- Microsoft silently updated Windows 10 to patch 2 serious security holes
- Hide malicious code in Windows logs file to attack computers, new ways of attack by hackers
Wsreset tool of Windows 10 Store was used by hackers to bypass anti-virus software
The Joker malware once again bypassed Google's security, spreading strongly on the Play Store
The 'gang' behind the Sodinokibi malware began auctioning celebrity data on the dark web
Hackers can modify Safari on macOS to steal user data
Microsoft silently updated Windows 10 to patch 2 serious security holes