Quote:Google addressed a use-after-free bug in the WebGL (Web Graphics Library) component of the Google Chrome web browser that could lead to arbitrary code execution in the context of the browser's process following successful exploitation.
WebGL is a JavaScript API used by compatible browsers to render interactive 2D and 3D graphics without using plug-ins.
A fix for this code execution vulnerability is already included in Google Chrome's Beta release channel and it will also come to the Stable channel with the release of Google Chrome 85.0.4149.0 that will roll out tomorrow according to Chrome's release timeline.
The code execution security issue discovered by Cisco Talos' senior research engineer Marcin Towalski is tracked as CVE-2020-6492 and it received a high severity 8.3 CVSSv3 Score.
The vulnerability triggers a crash when the WebGL component fails to correctly handle objects in memory.
"This vulnerability is in ANGLE, a compatibility layer between OpenGL and Direct3D used on Windows by Chrome browser and other project," Cisco Talos' security advisory explains.
"With proper memory layout manipulation, an attacker can gain full control of this use-after-free vulnerability which could ultimately lead to arbitrary code execution in the context of the browser."
Read more: https://www.bleepingcomputer.com/news/se...erability/
![[-]](https://www.geeks.fyi/images/collapse.png)
