Published on: 27 February 2020
Google released a security update to address multiple vulnerabilities in ICU, streams and V8 of the Google Chrome. A remote attacker could entice a user running a vulnerable browser to open a web page with specially crafted content to exploit the vulnerability.
Reports indicate that the vulnerability (CVE-2020-6418) is being exploited in the wild. Users are advised to take immediate action to patch the affected systems to mitigate the elevated risk of cyber attacks.
A successful exploitation could lead to arbitrary code execution or information disclosure on an affected system.
Users of affected systems should update the Google Chrome to version 80.0.3987.122 to address the issues. The update can be obtained through the auto-update mechanism or manually by visiting the "About Google Chrome" page (chrome://settings/help). Concerned users should relaunch the Google Chrome to make the update effective.
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html
https://www.hkcert.org/my_url/en/alert/20022701
https://www.us-cert.gov/ncas/current-activity/2020/02/25/google-releases-security-updates-chrome
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6407
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6418