National CSIRT-CY | National Computer Security Incident Response Team of Cyprus

The National Computer Security Incident Response Team provides for increased electronic security by strengthening the protection of the cyberspace of the National Critical Information Infrastructures, the banks and the communication providers of the Republic of Cyprus.

Google Chrome 85 fixes WebGL code execution vulnerability

25 August 2020

Google addressed a use-after-free bug in the WebGL (Web Graphics Library) component of the Google Chrome web browser that could lead to arbitrary code execution in the context of the browser’s process following successful exploitation.

WebGL is a JavaScript API used by compatible browsers to render interactive 2D and 3D graphics without using plug-ins.

A fix for this code execution vulnerability is already included in Google Chrome’s Beta release channel and it will also come to the Stable channel with the release of Google Chrome 85.0.4149.0 that will roll out tomorrow according to Chrome’s release timeline.

High severity code execution vulnerability

The code execution security issue, discovered by Cisco Talos’ senior research engineer Marcin Towalski, is tracked as CVE-2020-6492 and received a high-severity CVSSv3 score of 8.3.

The vulnerability triggers a crash when the WebGL component fails to correctly handle objects in memory.

“This vulnerability is in ANGLE, a compatibility layer between OpenGL and Direct3D used on Windows by Chrome browser and other projects,” Cisco Talos’ security advisory explains.

“With proper memory layout manipulation, an attacker can gain full control of this use-after-free vulnerability which could ultimately lead to arbitrary code execution in the context of the browser.”

CVE-2020-6492 affects Google Chrome 81.0.4044.138 (Stable), 84.0.4136.5 (Dev) and 84.0.4143.7 (Canary), and it was reported to Google on May 19.

[Figure: CVE-2020-6492 timeline]

Google Chrome security updates

Earlier Google Chrome stable releases (Chrome 84 and Chrome 83) addressed 38 vulnerabilities each, including security issues rated as critical and high severity.

Chrome 84 also featured increased protection against mixed-content downloads, browser notification scams, as well as the removal of insecure TLS protocols (i.e., TLS 1.0 and 1.1).

The previous release, Chrome 83, provided users with massive security and privacy enhancements, including a redesigned “Privacy and security” settings section, a new Safety Check feature, a new Enhanced Safe Browsing feature, better control over cookies, improved DoH settings, and more.

Google did not release Chrome version 82, deciding instead to skip that version because of the ongoing pandemic and to roll all of its changes into the next release.

The information contained in this website is for general information purposes only. The information is gathered from BLEEPING COMPUTER. While we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk. Through this website, you are able to link to other websites which are not under the control of CSIRT-CY. We have no control over the nature, content and availability of those sites. The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them. Every effort is made to keep the website up and running smoothly. However, CSIRT-CY takes no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control.
