ProHoster > Blog > internet nhau > Kusagadzikana kwe0-zuva muChrome kunoonekwa kuburikidza nekuongororwa kwekuchinja muinjini yeV8

Kusagadzikana kwe0-zuva muChrome kunoonekwa kuburikidza nekuongororwa kwekuchinja muinjini yeV8

Vatsvagiri kubva kuExodus Intelligence varatidza nzvimbo isina kusimba mukugadzirisa zvisizvo muChrome/Chromium codebase. Dambudziko rinobva pakuti Google inoburitsa pachena kuti shanduko dzakaitwa dzine chekuita nenyaya dzekuchengetedza chete mushure mekuburitswa, asi
inowedzera kodhi kune repository kugadzirisa kusagadzikana muinjini yeV8 isati yaburitsa kuburitswa. Kwenguva yakati, zvigadziriso zvinoedzwa uye hwindo rinoonekwa panguva iyo kusagadzikana kunogadziriswa mukodhi yekodhi uye inowanikwa kuti iongororwe, asi kusagadzikana kunoramba kusingagadziriswe pane vashandisi masisitimu.

Ndichiri kudzidza shanduko dzakaitwa kunzvimbo inochengeterwa, vaongorori vakaona chimwe chinhu chakawedzerwa muna Kukadzi 19 kururamisa uye mumazuva matatu vakakwanisa kugadzirira exploit, inokanganisa kuburitswa kwazvino kweChrome (iyo yakadhindwa kushandiswa haina kusanganisira zvikamu zvekunzvenga bhokisi rejecha). Google nekukasira yakaburitswa Chrome 80.0.3987.122 inogadziridza, kugadzirisa iyo yakarongwa kushandiswa vulnerability (CVE-2020-6418). Kusagadzikana kwacho kwakatanga kuonekwa nevainjiniya veGoogle uye kunokonzereswa nedambudziko rekubata mhando mukushanda kweJSCreate, iyo inogona kushandiswa kuburikidza neArray.pop kana Array.prototype.pop nzira. Zvinokosha kuziva kuti paiva nedambudziko rakafanana fixed muFirefox zhizha rapfuura.

Vatsvakurudzi vakacherechedzawo nyore kwekugadzira kushandiswa nekuda kwekubatanidzwa kwe Chrome 80 michina kurongedza kwezviratidzo (panzvimbo yekuchengetedza iyo yakazara 64-bit kukosha, chete yakasarudzika yakaderera mabhiti einongedzo anochengetwa, ayo anogona zvakanyanya kuderedza murwi ndangariro kushandiswa). Semuyenzaniso, mamwe emusoro-we-murwi data zvimiro seyakavakirwa-mukati basa tafura, yemuno mamiriro ezvinhu, uye mudzi zvinhu anonhonga marara ave kupihwa kero dzakazara uye dzinokwanisa kunyorwa.

Sezvineiwo, rinenge gore rapfuura Exodus Intelligence yaive zvaitwa chiratidziro chakafanana chekugona kwekugadzira kushandiswa kunobva pakudzidza gwaro revanhu rekugadzirisa muV8, asi, sezviri pachena, mhedziso dzakakodzera hadzina kuteverwa. Panzvimbo yevaongorori
Exodus Intelligence inogona kunge iri varwisi kana masangano ehungwaru ayo, kana achigadzira chisimba, angave nemukana wekushandisa pachivande kusazvibata kwemazuva kana mavhiki kusati kwasvika kuburitswa kweChrome kusati kwaumbwa.

Source: opennet.ru

Voeg