Google released an updated version of Chrome 66 that addresses a Critical security vulnerability that could be exploited by an attacker to take over a system.
Google released an updated version of Chrome 66 (version 66.0.3359.170) for Windows, Mac, and Linux systems that addressed 4 security vulnerabilities.
“This update includes 4 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.” reads the post published by Google.
-  Critical: Chain leading to sandbox escape. Reported by Anonymous on 2018-04-23:
-  High CVE-2018-6121: Privilege Escalation in extensions.
-  High CVE-2018-6122: Type confusion in V8.
- [$5000] High CVE-2018-6120: Heap buffer overflow in PDFium. Reported by Zhou Aiting(@zhouat1) of Qihoo 360 Vulcan Team on 2018-04-17″
Three of the vulnerabilities were reported by external researchers, the most severe issues are a privilege escalation in extensions tracked as CVE-2018-6121 and a type confusion in V8 tracked as CVE-2018-6122.
An anonymous researcher reported that chaining the two flaws could result in the sandbox escape and could allow a remote attacker to take control of target systems.
Chrome addressed the CVE-2018-6120 heap buffer overflow in PDFium reported by Zhou Aiting of Qihoo 360 Vulcan Team that received a $5,000 reward.
In April, Google issued security patches to address another Critical flaw in Chrome, the flaw was fixed in with the 66.0.3359.137 version.
(Security Affairs – Chrome 66, Google)
The post Google addresses critical security vulnerabilities in Chrome 66 appeared first on Security Affairs.