{"uuid": "161e85fe-654b-4f30-ab6d-60888778e208", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-16013", "type": "exploited", "source": "https://t.me/thesammymove/1143", "content": "Be prepared to update your chrome browsers once again\ud83d\udea8\n\nChannel:@thesammymove\n#thesammymovenews \n\n\n\ud83d\udc68\u200d\ud83d\udcbbIs Chrome further safe to use? \n-This is the third report on safety vulnerability by @thesammymove.\nFirst: t.me/thesammymove/1077\nSecond: t.me/thesammymove/946\n \n\ud83d\udea8This disclosure brings to five the total number of actively exploited flaws found in Chrome within the last three weeks.\n\n\ud83d\udea8Google is asking Chrome desktop users to prepare to update their browsers once again as two more zero-day vulnerabilities have been identified in the software.\n\n1. CVE-2020-16017 is described by Google as a \u201cuse-after-free in site isolation,\u201d which is the Chrome component that isolates the data of different sites from each other.\n-To exploit it, a remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system,\u00a0according to researchers\u00a0at Czech firm Cybersecurity Help.\n\n2. CVE-2020-16013 meanwhile is an \u201cimproperly implemented security check for standard\u201d bug, which is a type of flaw where\u00a0 the software does not implement or incorrectly implements one or more security-relevant checks. \n-In this particular case, Google described the bug as an \u201cinappropriate implementation in V8,\u201d which is an open-source component of Chrome that handles JavaScript and WebAssembly.\n-To exploit it, a remote attacker can also create a specially crafted web page, trick the victim into visiting it and then be able to compromise the system, Cybersecurity Help noted.\n\n3. Another zero-day that Google\u00a0patched earlier\u00a0this month, CVE-2020-16009, also was due to an inappropriate implementation of V8, but it\u2019s unknown whether the two flaws are related.\n\n-Google typically refrains from providing specific details about vulnerabilities until well after they are patched.\n\nRead also\ud83d\udea8\n-DEPOSIT N50 TO GET N550 trick\ud83d\udc47\nt.me/thesammymove/1514\n\n-EARN CRYPTO,AIRTIME,DATA AND CASH\ud83d\udc47\nt.me/thesammymove/1692\n\n- FREE N1,000 TRICK \ud83d\udc47\nt.me/thesammymove/999", "creation_timestamp": "2021-04-09T02:45:23.000000Z"}