Search giant Google on Friday released an out-of-band security update to fix a new actively exploited zero-day flaw in its Chrome web browser.
Type confusion vulnerabilities could be weaponized by threat actors to perform out-of-bounds memory access, or lead to a crash and arbitrary code execution.
According to the NIST’s National Vulnerability Database, the flaw permits a “remote attacker to potentially exploit heap corruption via a crafted HTML page.”
Google acknowledged active exploitation of the vulnerability but stopped short of sharing additional specifics to prevent further abuse.
images from Hacker News