• Services
    • Asses
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Advisory – CVE-2020-16935 – Microsoft Windows Privilege Escalation Vulnerability
October 21, 2020
Rewterz Threat Alert – GAMAREDON APT Introduces New Variants
October 21, 2020

Rewterz Threat Alert – Google Chrome Zero-day Bug Active Exploitation

October 21, 2020

Severity

High

Analysis Summary

Google has released Chrome 86.0.4240.111 to the Stable desktop channel to address five security vulnerabilities, one of which is an actively exploited zero-day bug. Google is aware of reports that an exploit for CVE-2020-15999 exists in the wild. Google also fixed three other high severity security vulnerabilities and a medium severity flaw in Chrome 86.0.4240.111:

• CVE-2020-16000: Inappropriate implementation in Blink
• CVE-2020-16001: Use after free in media
• CVE-2020-16002: Use after free in PDFium
• CVE-2020-16003: Use after free in printing

Impact

  • Memory Corruption
  • System Compromise

Affected Vendors

Google

Affected Products

Google Chrome versions prior to 86.0.4240.111

Remediation

  • Google has released Chrome 86.0.4240.111 to fix the vulnerabilities.
  • Windows, Mac, and Linux desktop users can upgrade to Chrome 86 by going to Settings -> Help -> About Google Chrome.
  • The Google Chrome web browser will then automatically check for the new update and install it when available.

https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html

  • Run all software as a non-privileged user to lower the risk associated with a successful attack.
  • Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources via email or websites.
  • Services
    • Asses
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.