Advertisement
Top
image credit: Stephen Shankland / Flickr

Google Patches Several Chrome Flaws That Can Be Exploited via Malicious Extensions

August 4, 2021

Via: Security Week
Category:

Researchers Leecraso and Guang Gong of the 360 Alpha Lab team at Chinese cybersecurity firm Qihoo 360 have earned $20,000 for a high-severity vulnerability tracked as CVE-2021-30590. Google described the issue as a heap buffer overflow in Bookmarks.

Leecraso told SecurityWeek that CVE-2021-30590 is a sandbox escape vulnerability that can be “exploited in combination with an extension or a compromised renderer.” An attacker can leverage the flaw to achieve remote code execution outside Chrome’s sandbox.

Read More on Security Week

RELATED PUBLICATIONS

OpenAI’s GPT-4 can exploit real vulnerabilities by reading security advisories
Unpatched Vulnerabilities: The Most Brutal Ransomware Attack Vector
Google Patches Exploited Pixel Vulnerabilities

Latest Publications

US water facility OT infrastructure is under attack again
Network specialist debuts free tool that promises to solve VPN and ZTNA connectivity issues for good
Notorious Finnish Hacker sentenced to more than six years in prison
Security Curated Copyright © 2024. All rights reserved
Go to ITCurated!