Example analysis of Google Chrome 85 fixing WebGL code execution vulnerability-Safety-php.cn

Home

Operation and Maintenance

Safety

Example analysis of Google Chrome 85 fixing WebGL code execution vulnerability

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

May 17, 2023 pm 02:07 PM

google chrome webgl

WebGL is a JavaScript API that compliant browsers use to render interactive 2D and 3D graphics without the use of plug-ins.

This code execution vulnerability has been fixed in Google Chrome 85.0.4149.0.

High-risk code execution vulnerability

The code execution vulnerability discovered by Marcin Towalski, senior research engineer at Cisco Talos, is numbered CVE-2020-6492 and has a CVSS v3 score of 8.3.

This vulnerability triggers a crash when the WebGL component fails to properly handle objects in memory.

According to the Cisco Talos security advisory, the vulnerability exists in ANGLE, a compatibility layer between OpenGL and Direct3D used by the Chrome browser and other projects on Windows.

An attacker can exploit the use-after-free vulnerability by tampering with the correct memory layout, and ultimately execute arbitrary code in the browser environment to achieve complete control.

CVE-2020-6492 affects Google Chrome 81.0.4044.138 (Stable), 84.0.4136.5 (Dev) and 84.0.4143.7 (Canary).

Google ChromeSecurity Update

Earlier, the stable versions of Google Chrome (Chrome 84 and Chrome 83) each fixed 38 vulnerabilities, including Security vulnerabilities rated as critical and high-risk.

Chrome 84 also optimizes protection against mixed content downloads and browser notification scams, while removing insecure TLS protocols (i.e. TLS1.0 and 1.1).

Chrome 83 provides users with a host of security and privacy protections, including a redesigned "Privacy and Security" settings area, a new Security Checkup feature, a new enhanced Safe Browsing feature, and better protection of cookies. Good control, and optimized DoH settings, etc.

Because of the epidemic that has not subsided, Google did not release Chrome 82 version, but decided to skip this version and leave all modifications to the next release.

The above is the detailed content of Example analysis of Google Chrome 85 fixing WebGL code execution vulnerability. For more information, please follow other related articles on the PHP Chinese website!

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

Assassin's Creed Shadows: Seashell Riddle Solution

3 weeks ago By DDD

What's New in Windows 11 KB5054979 & How to Fix Update Issues

2 weeks ago By DDD

Where to find the Crane Control Keycard in Atomfall

3 weeks ago By DDD

Assassin's Creed Shadows - How To Find The Blacksmith And Unlock Weapon And Armour Customisation

1 months ago By DDD

Roblox: Dead Rails - How To Complete Every Challenge

3 weeks ago By DDD

Hot Tools

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Hot Topics

Where is the login entrance for gmail email?

7599

CakePHP Tutorial

1386

What is the format of the account name of steam

win11 activation key permanent

nyt connections hints and answers

123

Related knowledge

How to change the display language in Google Chrome on Windows PC Apr 25, 2023 pm 11:28 PM

Have you ever noticed that when browsing the Internet, some web pages are in various languages that you cannot understand due to unfamiliarity? At this point, Google Chrome must ask the user if they wish to translate the web page into English or another language that the user understands. However, some users complained that Google Chrome does not translate any pages. So we designed a way to add a display language and allow Chrome to translate most web pages into the user's preferred language. If you're looking for a way to change your display language while allowing Chrome to translate your web pages, this article will show you how. How to Change Google Chrome Display Language Let’s see how to change it by following some simple steps given below

How to enable or disable smooth scrolling for websites in Google Chrome Apr 14, 2023 am 09:58 AM

Google Chrome is one of the most used browsers globally because of the performance it offers compared to other browsers. However, it uses a lot of system resources and sometimes lags when scrolling web pages. To improve your browsing experience, Chrome provides the option to customize the browser. However, these additional features and tweaks provided by Chrome are not available to users by default. These experimental features in Chrome are hidden and can be accessed through the Chrome flag. Smooth scrolling is one such experimental feature in Chrome that can be enabled or disabled via a Chrome flag. This feature allows you to scroll and navigate page content smoothly. If you are browsing the Internet and find that pages scroll slowly or

How to analyze Google Chrome remote code execution 0Day vulnerability notification May 16, 2023 pm 12:37 PM

1. Overview On April 13, 2021, Antiy CERT discovered that foreign security researchers released a PoC of a remote code execution 0Day vulnerability in the Google Chrome browser. Attackers can use the vulnerability to construct a specially crafted page, and users accessing the page will cause remote code execution. The vulnerability affects the latest official version of Chrome (89.0.4389.114) and all earlier versions. Antiy CERT followed up and found out that due to the high usage rate of Google Chrome browser in China, this vulnerability has the risk of being exploited by malicious code and spread widely, and the threat level is high. At the same time, Antiy's CERT test found that some other domestic browsers using the Google Chrome kernel are also affected. Currently as

Basic introduction: WebGL development with Three.js Aug 30, 2023 pm 01:25 PM

3D graphics in browsers have been a hot topic since they were first introduced. But if you want to create an application using pure WebGL, it will take a long time. That's why some really useful libraries have emerged recently. Three.js is one of the most popular, and in this series, I'll show you how to best use it to create stunning 3D experiences for your users. Before we begin, I do expect you to have a basic understanding of 3D space before starting this tutorial, as I won't be explaining coordinates, vectors, etc. Step 1: Preparation First, create three files: index.html, main.js, and style.css. Now, download Three.js (with examples and source code

What is better about webgl than canvas Sep 18, 2023 pm 02:35 PM

WebGL is better than canvas in 3D graphics rendering, hardware acceleration, interactivity, multi-platform support and rich resources. Detailed introduction: 1. 3D graphics rendering. WebGL is a 3D graphics rendering technology based on the OpenGL ES standard. It can achieve high-performance 3D graphics rendering in a web browser. In contrast, Canvas is mainly used for 2D graphics rendering. , although it can also draw some simple 3D effects, its performance and functions in complex 3D scenes are not as good as WebGL; 2. Hardware acceleration, etc.

How to open Google Chrome without extensions in Windows 11/10 Apr 14, 2023 pm 05:46 PM

Google Chrome is the most used browser in the world and it comes with powerful features that make it the best among other browsers. It has a feature called extensions which has its own advantages and disadvantages. But sometimes, when you unknowingly install extensions from certain third-party providers, it can actually cause problems that can break your browser and other software. Therefore, it is better to disable extensions in Google Chrome when needed. If you also want to open google chrome without extensions, then this article will help you know how to do it. <h2>If

Example analysis of Google Chrome 85 fixing WebGL code execution vulnerability May 17, 2023 pm 02:07 PM

Google has fixed a use-after-free vulnerability in the WebGL (WebGraphicsLibrary) component of the Google Chrome web browser. By successfully exploiting this vulnerability, an attacker can execute arbitrary code in the context of the browser's process. WebGL is a JavaScript API that compliant browsers use to render interactive 2D and 3D graphics without the use of plug-ins. GoogleChrome85.0.4149.0 has fixed this code execution vulnerability. High-risk code execution vulnerability The code execution vulnerability discovered by CiscoTalos senior research engineer Marcin Towalski is numbered CVE-2020-649

How to fix ERR_ICANN_NAME_COLLISION in Google Chrome Apr 14, 2023 am 11:28 AM

Many users prefer using Google Chrome due to its advanced features and ease of use, however, the browser may sometimes return an error when you try to access a website or after updating the browser. One such error is the " ERR_ICANN_NAME_COLLISION " error. This error will prevent you from accessing any website through Chrome and return the above error. You may also encounter this when trying to use localhost .dev on Chrome

See all articles