Google released an updated version of Chrome 66 that addresses a Critical security vulnerability that could be exploited by an attacker to take over a system.
Google released an updated version of Chrome 66 (version 66.0.3359.170) for Windows, Mac, and Linux systems that addressed 4 security vulnerabilities.
“This update includes 4 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.” reads the post published by Google.
 Critical: Chain leading to sandbox escape. Reported by Anonymous on 2018-04-23:
 High CVE-2018-6121: Privilege Escalation in extensions.
 High CVE-2018-6122: Type confusion in V8.
[$5000] High CVE-2018-6120: Heap buffer overflow in PDFium. Reported by Zhou Aiting(@zhouat1) of Qihoo 360 Vulcan Team on 2018-04-17″
Three of the vulnerabilities were reported by external researchers, the most severe issues are a privilege escalation in extensions tracked as CVE-2018-6121 and a type confusion in V8 tracked as CVE-2018-6122.
An anonymous researcher reported that chaining the two flaws could result in the sandbox escape and could allow a remote attacker to take control of target systems.
Chrome addressed the CVE-2018-6120 heap buffer overflow in PDFium reported by Zhou Aiting of Qihoo 360 Vulcan Team that received a $5,000 reward.
In April, Google issued security patches to address another Critical flaw in Chrome, the flaw was fixed in with the 66.0.3359.137 version.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.