


There's no information yet on who was using these two zero-day flaws, or who was being targeted. They're called "zero days" because hackers were already using them in attacks before Chrome found out, giving the developers no time to prepare fixes before exploitation began. These are the first zero-days patched in Chrome since mid-July.

The first is described as an "out-of-bounds write in V8," which is Chrome's JavaScript engine and handles many of the moving parts on a web page. Google has patched half-a-dozen zero-days this year related to V8. The second flaw is characterized as "use after free in Indexed DB API," meaning that hackers figured out a way to hijack running memory allocated to a programming interface that handles JavaScript interactions with a database.

JavaScript is one of the chief components that make interactive websites possible. Before JavaScript, websites were largely static. Without JavaScript and similar technologies, you wouldn't be able to open a Gmail message without reloading the entire page.
