Home > Cyber News > New Critical Bugs in Firefox, Chrome and Edge (CVE-2020-16044)

New Critical Bugs in Firefox, Chrome and Edge (CVE-2020-16044)

critical vulnerabilities in firefox, chrome, and edge warning

Users should patch several new browser vulnerabilities affecting Chrome, Firefox, and Edge.

The vulnerabilities are rated critical and could allow attackers to hijack susceptible systems.
It should be noted that the Firefox flaw identified as CVE-2020-16044 is separate from the vulnerability discovered in Chromium. Chromium is the browser engine for both Google Chrome and Microsoft Edge.

Firefox Vulnerability CVE-2020-16044

According to Mozilla’s advisory, “a malicious peer could have modified a COOKIE-ECHO chunk in a SCTP packet in a way that potentially resulted in a use-after-free. We presume that with enough effort it could have been exploited to run arbitrary code.”

In other words, the vulnerability is a use-after-free issue, stemming from the way the Firefox browser handles browser cookies. Upon exploitation, the bug could allow attackers to access the user’s device (computer, tablet, or phone). The vulnerability has been fixed in the desktop Firefox version 84.0.2, Firefox Android 84.1.3, and the corporate ESR 78.6.1 version.

The company hasn’t specified who discovered the vulnerability nor if it is actively exploited in the wild. Nonetheless, users should make sure that their browsers are running a patched version to avoid any issues.

Chrome and Edge Vulnerability CVE-2020-15995

This Chromium bug is described as an “out of bounds write in V8 in Google Chrome prior to 86.0.4240.99”. The bug could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Windows, macOS, and Linux users of Chrome should patch the vulnerability residing in the 87.0.4280.141 version of the browser. Tenable researchers rated the flaw as critical. However, Google and Microsoft said the bug is of high severity.

CVE-2020-15995 was discovered and reported by Tencent Security Xuanwu Lab researcher Bohan Liu.
It is noteworthy that CVE-2020-15995 is associated with a Chrome for Android update security bulletin Google published in October last year when it was rated a high-severity issue.

Initially, the vulnerability was disclosed in September 2020 by the same Tencent researcher.
This is not the only vulnerability endangering the Chromium engine in Chrome and Edge. Google disclosed 12 more flaws, and Microsoft also featured them in its security bulletin. This is the list of vulnerabilities:

CVE-2021-21106, CVE-2021-21107, CVE-2021-21108, CVE-2021-21109, CVE-2021-21110, CVE-2021-21111, CVE-2021-21112, CVE-2021-21113, CVE-2021-21114, CVE-2021-21115, CVE-2021-21116, CVE-2020-16043.

In December 2020, Mozilla and Google addressed another critical vulnerability lurking in their browsers.

According to Mozilla’s security advisory, CVE-2020-16042 is an issue in BigInt, a JavaScript component that could have triggered uninitialized memory to be exposed. Google’s description differs, as the bug is described as “uninitialized-use” affecting Chrome’s V8 JavaScript engine. These types of bugs are largely neglected and taken for “insignificant memory errors.”

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree