Researchers from Cisco Talos disclosed technical details of recently patched vulnerabilities affecting the popular Chrome and Firefox web browsers.
The first issue, tracked as CVE-2020-6463, is a memory corruption vulnerability that affects PDFium, an open source PDF library used by Chrome and other applications.
The flaw is a high severity vulnerability that received a CVSS score of 8.8, Google addressed it with the release Chrome 81.0.4044.122 in April.
Google awarded a $5,000 bounty for the vulnerability.
Chrome 81.0.4044.122 also addresses other serious issues, some of which have been awarded by Google with $15,000 and $20,000 bounties.
Cisco Talos experts also published details for the CVE-2020-12418 vulnerability, an information disclosure vulnerability that is related to the URL mPath functionality of Mozilla Firefox Firefox Nightly Version 78.0a1 x64 and Firefox Release Version 76.0.2 x64.
An attacker could exploit the flaw by tricking the victims into visiting a specially crafted URL object that causes an out-of-bounds read.
Mozilla has fixed this issue, along with other vulnerabilities, with the release of Firefox 78.
(SecurityAffairs – hacking, Chrome)