Google has fixed a high-severity flaw in the latest version of the Chrome browser that could lead to code execution.
The Google Chrome web browser had a use-after-free vulnerability in its “WebGL” component that could allow a user to execute arbitrary code in the context of the browser process.
A hacker could manipulate the memory layout of the browser in a way that they could gain control of the use-after-free exploit, which could ultimately lead to arbitrary code execution.
According to Jon Munshaw from Cisco Talos, the security researchers worked with Google to ensure that these issues are resolved and that an update is available for affected customers.
“This vulnerability specifically exists in ANGLE, a compatibility layer between OpenGL and Direct3D that Chrome uses on Windows systems,” Munshaw informed in a statement on Monday.
With proper memory layout manipulation, an attacker can gain full control of this use-after-free vulnerability which could ultimately lead to arbitrary code execution in the context of the browser.
Another bug was found in Google’s Chromium-based browsers in early August that could allow hackers to bypass the Content Security Policy (CSP) on websites, in order to steal data and execute rogue code.
Hackers could also exploit an unpatched flaw in Google Drive to distribute malicious files disguised as legitimate files on systems worldwide.
The Hacker News reported that Google is aware of the latest security issue that is found in the “manage versions” functionality in Google Drive.
The functionality allows users to upload and manage different versions of a file.