Google has fixed an error in WebGL (Web Graphics Library) of the Google browser Chrome, which could lead to arbitrary code execution.
WebGL is a JavaScript API used by compatible browsers for better rendering of 2D and 3D graphics without the use of addons.
The fix for this vulnerability is already included in the beta version of the Google application and we will soon see it in the fixed version 85.0.4149.0 that will be released today according to Google.
The security loophole was discovered by Cisco Talos researcher Marcin Towalski and has been documented in CVE-2020-6492. It is very high quality and has been rated with 8.3 CVSSv3 Score.
The vulnerability triggers an outage modes when the WebGL component fails to correctly handle objects in memory.
Η ευπάθεια CVE-2020-6492 επηρεάζει τον Google Chrome 81.0.4044.138 (Σταθερή), 84.0.4136.5 (Dev) και 84.0.4143.7 (Canary), και αναφέρθηκε στην Google στις 19 Μαΐου.