Google Chrome 85 fixes WebGL code execution vulnerability!
Google addressed a use-after-free bug in the WebGL (Web Graphics Library) component of the Google Chrome web browser that, if successfully exploited, could lead to arbitrary code execution in the context of the browser’s process.
WebGL is a JavaScript API used by compatible browsers to render interactive 2D and 3D graphics without using plug-ins.
The code execution security issue, discovered by Cisco Talos’ senior research engineer Marcin Towalski, is tracked as CVE-2020-6492 and received a high-severity CVSSv3 score of 8.3. The vulnerability triggers a crash when the WebGL component fails to correctly handle objects in memory. CVE-2020-6492 affects Google Chrome 81.0.4044.138 (Stable), 84.0.4136.5 (Dev) and 84.0.4143.7 (Canary).
Earlier Google Chrome stable releases (Chrome 84 and Chrome 83) addressed 38 vulnerabilities each, including security issues rated as critical and high severity. Chrome 84 also featured increased protection against mixed-content downloads and browser notification scams, as well as the removal of insecure TLS protocols (i.e., TLS 1.0 and 1.1).
The previous release, Chrome 83, provided users with massive security and privacy enhancements, including a redesigned “Privacy and security” settings section, a new Safety Check feature, a new Enhanced Safe Browsing feature, better control over cookies, improved DoH settings, and more. Google did not release Chrome version 82, deciding instead to skip that version because of the ongoing pandemic and to roll all of its changes into the next release.