
Google patches a mystery zero-day Chrome vulnerability

Google didn't share any information about the vulnerability other than an acknowledgment of its existence.
Michael Allison
27 Feb 2020


What you need to know

  • Google has patched a mysterious zero-day in Chrome.
  • The firm is aware an exploit exists in the wild and has yet to detail the vulnerability while the patch rolls out to users.
  • The patch is currently available for Windows, Mac, and Linux.

Google this week released a patch to the latest version of Chrome, v80, aimed at squashing three vulnerabilities, including one mystery 0-day vulnerability that wasn't detailed.

Latest Chrome update patches CVE-2020-6418, 0day found in the wild by @_clem1 : https://t.co/H2j5PXO8gV pic.twitter.com/K2GoOJCPgf

— Antti Tikkanen (@anttitikkanen) February 24, 2020

Google didn't share any more information about the attack, and it's likely holding off until the patch has rolled out widely. For example, Chrome OS v80, which would presumably deliver the patch to Chromebooks, isn't available yet at the time of writing.

So what exactly is this mystery bug? The clue lies in the name. Google calls it a 'type confusion' error in V8 (Chrome's JavaScript engine).


Ok, good, those are words. Why is that bad? Well, as explained by the security researchers over at Sophos:

A type confusion bug is where you are able to trick a program into saving data for one purpose (data type A) but then using it later for a different purpose (data type B).

Imagine that a program is very careful about what values it allows you to store into memory when you are treating it as type B.

For example, if a 'type B' memory location keeps track of a memory address (a pointer, to use the jargon word), then the program will probably go to great lengths to stop you modifying it however you like.

Otherwise, you might end up with the power to read secret data from memory locations you aren't supposed to access, or to execute unknown and untrusted program code such as malware.

On the other hand, a memory location that's used to store something such as a color you just chose from a menu might happily accept any value you like, such as 0x00000000 (meaning completely transparent) all the way to 0xFFFFFFFF (meaning bright white and totally opaque).

So if you can get the program to let you write to memory under the low-risk assumption that it is storing a color, but later to use that "color" as what it thinks is a trusted memory address in order to transfer program execution into your malware code…

…you just used type confusion to bypass the security checks that should have been applied to the memory pointer.
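The color-versus-address scenario from the explanation above, written out in C as an added example (not code from this article, Sophos, or Chrome). All names, including `slot` and `trusted_target`, are constructed for illustration; the code only compares values and never uses the confused value as a real pointer.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed illustration: one slot holds either a "color" (any 32-bit
   value is acceptable) or an "address" (must be vetted before storing). */
typedef enum { SLOT_COLOR, SLOT_ADDRESS } slot_type;

typedef struct {
    slot_type type;   /* records what the bits below mean */
    uintptr_t bits;   /* storage shared by both types */
} slot;

const int trusted_target = 42;   /* hypothetical: the only address allowed */

/* Low-risk write path: a color may be any value, so nothing is checked. */
void store_color(slot *s, uint32_t rgba) {
    s->type = SLOT_COLOR;
    s->bits = rgba;
}

/* High-risk write path: an address is accepted only if it is allowlisted. */
bool store_address(slot *s, const int *p) {
    if (p != &trusted_target) return false;
    s->type = SLOT_ADDRESS;
    s->bits = (uintptr_t)p;
    return true;
}

/* Confused reader: treats the bits as an address without checking the tag. */
uintptr_t load_address_unchecked(const slot *s) { return s->bits; }

/* Hardened reader: refuses unless the slot was written via store_address. */
bool load_address_checked(const slot *s, uintptr_t *out) {
    if (s->type != SLOT_ADDRESS) return false;
    *out = s->bits;
    return true;
}

/* Write a color, then read it back as an address through each reader. */
uintptr_t color_read_unchecked(uint32_t rgba) {
    slot s; store_color(&s, rgba); return load_address_unchecked(&s);
}
bool color_read_checked(uint32_t rgba) {
    slot s; uintptr_t a = 0; store_color(&s, rgba);
    return load_address_checked(&s, &a);
}

int main(void) {
    printf("unchecked: 0x%lx\n", (unsigned long)color_read_unchecked(0xFFFFFFFFu));
    printf("checked accepted: %d\n", color_read_checked(0xFFFFFFFFu));
    return 0;
}
```

The unchecked reader hands back the unvetted color value as if it had passed the address allowlist, while the checked reader rejects it because the type tag does not match.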

TL;DR: If this vulnerability is actively exploited, malware can dress up as three kids in a trench coat and fool security checks meant to keep said malware out. Google has already fixed the vulnerability in Chrome for most people, so feel free to update your browser for maximum protection.
