Stack Overflow Out-of-Bounds Write Vulnerability in Microsoft ChakraCore

Microsoft ChakraCore is an open source ChakraJavaScript scripting engine used by Microsoft in the Edge browser, or as a stand-alone JavaScript engine. A stack overflow out-of-bounds write vulnerability exists in Microsoft ChakraCore. An attacker could exploit this vulnerability to cause a softwar...

Two New Chrome 0-Days Under Active Attacks – Update Your Browser

Google has patched two more zero-day flaws in the Chrome web browser for desktop, making it the fourth and fifth actively exploited vulnerabilities addressed by the search giant in recent weeks. The company released 86.0.4240.198 for Windows, Mac, and Linux, which it said will be rolling out over...

CVE-2020-26950

In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox 82.0.3, Firefox ESR 78.4.1, and Thunderbird 78.4.2...

New Chrome Zero-Day Under Active Attacks – Update Your Browser

Google has patched a second actively exploited zero-day flaw in the Chrome browser in two weeks, along with addressing nine other security vulnerabilities in its latest update. The company released 86.0.4240.183 for Windows, Mac, and Linux, which it said will be rolling out over the coming...

DEBIAN-CVE-2020-15979

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

UBUNTU-CVE-2020-16006

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

Google Chrome V8 Improperly Implemented Vulnerability

Chrome is a simple and efficiently designed web browsing tool developed by Google that is characterized by its simplicity and speed. A V8 mal-implementation vulnerability exists in versions prior to Google Chrome 86.0.4240.183. A remote attacker could potentially exploit this vulnerability to cau...

CVE-2020-15684

Mozilla developers reported memory safety bugs present in Firefox 81. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 82...

CVE-2020-15681

When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another's entry in a shared stub table, resulting in a potentially exploitable crash. This vulnerability affects Firefox 82...

CVE-2020-15667

When processing a MAR update file, after the signature has been validated, an invalid name length could result in a heap overflow, leading to memory corruption and potentially arbitrary code execution. Within Firefox as released by Mozilla, this issue is only exploitable with the Mozilla-controll...

Announcing the Fuzzilli Research Grant Program

Posted by Samuel Groß, Project Zero Project Zero’s mission is to make 0-day hard in order to improve end-user security. We attack this problem in different ways, including supporting other security researchers. While Google currently offers research grants, they are limited to academics and those...

CVE-2020-15676

Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox 81, Thunderbird 78.3, and Firefox ESR 78.3...

CVE-2020-15674

Mozilla developers reported memory safety bugs present in Firefox 80. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 81...

Google Chrome Type Obfuscation Vulnerability (CNVD-2020-53301)

Chrome is a simple and efficiently designed web browsing tool developed by Google that is characterized by its simplicity and speed. A type-obfuscation vulnerability exists in V8 in versions of Google Chrome prior to 85.0.4183.121. A remote attacker can exploit this vulnerability to conduct...

DEBIAN-CVE-2020-6537

Type confusion in V8 in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

UBUNTU-CVE-2020-6537

Type confusion in V8 in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

JITSploitation II: Getting Read/Write

Posted by Samuel Groß, Project Zero This three-part series highlights the technical challenges involved in finding and exploiting JavaScript engine vulnerabilities in modern web browsers and evaluates current exploit mitigation technologies. The exploited vulnerability, CVE-2020-9802, was fixed i...

JITSploitation III: Subverting Control Flow

Posted by Samuel Groß, Project Zero This three-part series highlights the technical challenges involved in finding and exploiting JavaScript engine vulnerabilities in modern web browsers and evaluates current exploit mitigation technologies. The exploited vulnerability, CVE-2020-9802, was fixed i...

CVE-2020-15664

By holding a reference to the eval function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious...

PT-2020-15700 · Nginx · Njs

Name of the Vulnerable Software and Affected Versions: njs versions prior to 0.4.4 Description: The issue allows for control-flow hijack in the njs value property function within njs value.c. It is noted that the vendor considers this issue to be of minimal concern in the NGINX use case due to th...