Cybercriminals can execute remote scripts and take over your PC/Laptop using crititcal ‘Use after Free’ vulnerability in Chrome 81
If you are using Google Chrome 81 browser on your Windows 7/10 laptop/PC or using Apple Mac and Linux powered PC/laptop, your Chrome can be taken over by hackers and threat actors by using a critical vulnerability called Use after Free.
The vulnerability is deemed highly critical and assigned CVE-2020-6457 at the National Vulnerability Database (NVD) of the U.S. government repository of common vulnerabilities and exposures. Google has also confirmed the critical security vulnerability.
Prudhvikumar Bommana of Google has issued a stable channel update notice referring to the “use after free” critical vulnerability in the speech recognition component of Chrome 81
What is Use after Free vulnerability
Use-After-Free vulnerabilities are a type of memory corruption flaw that can be leveraged by hackers and cybercriminals to execute arbitrary code. First, the threat actors access free memory using social engineering methods. Once they have access to free memory, they can remotely execute any arbitrary code.
Use After Free specifically refers to the attempt to access memory after it has been freed, which can cause a program to crash or, in the case of a Use-After-Free flaw, can potentially result in the execution of arbitrary code or even enable full remote code execution capabilities according to Webopedia.
In Google Chrome 81’s case, if a hacker convinces the Chrome 81 user into visiting a malicious website, the use after free memory corruption error can be triggered and the hacker can gain access to the user’s access memory freed after it has been allocated elsewhere. Once, the hacker has achieved this, they can execute any script including taking over your PC/laptop.
Use After Free fix
Google has rated this as a critical security issue. However, the fix is yet days from being released. Google says that update for the vulnerability for Chrome 81 desktop users on the Windows, Mac and Linux platforms is being released over the coming days and weeks.