Researchers from Cisco Talos disclosed technical details of recently patched vulnerabilities affecting the popular Chrome and Firefox web browsers.
The first issue, tracked as CVE-2020-6463, is a memory corruption vulnerability that affects PDFium, an open source PDF library used by Chrome and other applications.
The flaw is a high-severity vulnerability that received a CVSS score of 8.8; Google addressed it with the release of Chrome 81.0.4044.122 in April.
Google awarded a $5,000 bounty for the vulnerability.
Chrome 81.0.4044.122 also addresses other serious issues, some of which earned $15,000 and $20,000 bounties from Google.
Cisco Talos experts also published details of CVE-2020-12418, an information disclosure vulnerability related to the URL mPath functionality of Mozilla Firefox (Firefox Nightly Version 78.0a1 x64 and Firefox Release Version 76.0.2 x64).
An attacker could exploit the flaw by tricking victims into visiting a specially crafted URL object that causes an out-of-bounds read.
Mozilla has fixed this issue, along with other vulnerabilities, with the release of Firefox 78.
(SecurityAffairs – hacking, Chrome)