Critical Bugs in Firefox and Chrome Allow Exploitation – E Hacking News
On Thursday, the Cybersecurity and Infrastructure Security Agency (CISA) asked clients of Mozilla Foundation’s Firefox browser and Windows, macOS, and Linux clients of Google’s Chrome browser to fix bugs, traced as CVE-2020-16044 and CVE-2020-15995 respectively.
The vulnerability of CVE-2020-16044 is classified as a use-after-free bug and attached to the manner in which Firefox handles browser cookies and whenever exploited permits hackers to access the computer, telephone, or tablet running the browser software. Affected are Firefox browser renditions released before the recently released Firefox desktop 84.0.2, Firefox Android 84.1.3 edition, and furthermore Mozilla’s corporate ESR 78.6.1 version of Firefox. “A pernicious peer might have altered a COOKIE-ECHO chunk in a SCTP packet in a way that conceivably resulted in a use-after-free. We assume that with enough effort it might have been exploited to run arbitrary code,” as indicated by a Mozilla security notice.
SCTP stands for Stream Control Transmission Protocol, utilized in computer networking to communicate protocol data inside the Transport Layer of the internet protocol suite, or TCP/IP. A COOKIE ECHO chunk is a snippet of information sent during the initialization of the SCTP association with the browser.
Google’s Chrome browser bug CVE-2020-15995 was affecting the current 87.0.4280.141 rendition of the software. The CISA-bug cautioning expressed that the update to the most recent version of the Chrome browser would “addresses vulnerabilities that an attacker could exploit to take control of a tainted system.” Microsoft’s most recent Edge browser depends on Google Chromium browser engine, Microsoft additionally encouraged its clients to update to the most recent 87.0.664.75 rendition of its Edge browser.