The new Chrome update fixes three critical bugs

Google has released an emergency update for its Chrome browser. The new version, 79.0.3945.130, fixes three vulnerabilities that were rated critical, and one of its changes relates to a potentially dangerous bug fixed by Microsoft that would allow an attacker to spoof a certificate by making it appear to come from a trusted source.

The National Security Agency (NSA) informed Microsoft of the vulnerability, which affects Windows 10, Windows Server 2016, Windows Server 2019, and Windows Server version 1803, according to a report from the government agency.

About the fixed bugs

The flaw affected the encryption of digital signatures used to authenticate content, including software or files. If exploited, this flaw could allow malicious actors to send malicious content with fake signatures that make it appear safe.

For that reason Google released Chrome 79.0.3945.130, which now detects certificates that try to exploit the Windows CryptoAPI vulnerability CVE-2020-0601, discovered by the NSA.

As already mentioned, the vulnerability allows attackers to create TLS and code signing certificates that impersonate other companies to carry out man-in-the-middle attacks or create phishing sites.

As the PoCs exploiting the CVE-2020-0601 vulnerability have already been released, the publisher believes that it is only a matter of time before attackers begin to easily create forged certificates.

Chrome 79.0.3945.130 therefore performs additional verification of the integrity of a website's certificate before allowing a visitor to access the site. Google's Ryan Sleevi added the code for double signature verification on verified chains.

Another critical problem fixed in this new version was a flaw that allows an attacker to bypass all levels of browser protection and run code on the system, outside the sandbox environment.

Details about the critical vulnerability (CVE-2020-6378) have yet to be revealed; it is only known to be caused by access to an already freed block of memory (use-after-free) in the speech recognition component.

Another fixed vulnerability (CVE-2020-6379) is also associated with access to an already freed memory block (use-after-free) in the speech recognition code.

A lower-impact issue (CVE-2020-6380) is caused by an error in checking plugin messages.

Finally, Sleevi acknowledged that this control measure is not perfect, but that it is sufficient for the time being while users apply security updates for their operating systems and Google moves towards better verifiers.

It is not perfect, but this security check is enough, it is time for us to move on to another verifier or to enforce the blocking of 3P modules, even for CAPI.

If you want to know more about the new emergency update released for the browser, you can check the details at the following link.

How to update Google Chrome in Ubuntu and derivatives?

The browser can be updated to the new version in two different ways.

The first is simply to run apt update and apt upgrade from the terminal (this assumes that you installed the browser by adding its repository to the system).

To do this, open a terminal (you can use the keyboard shortcut Ctrl + Alt + T) and type the following commands:

sudo apt update

sudo apt upgrade

The other method applies if you installed the browser from the .deb package downloaded from the browser's official website.

Here you have to go through the same process again: download the .deb package from the website and then install it with the dpkg package manager.

This process can also be done from the terminal by executing the following commands:

wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb

sudo dpkg -i google-chrome*.deb

sudo apt-get install -f
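
To confirm that the update actually landed, the installed version can be compared with the fixed build 79.0.3945.130. The script below is an added example, not part of the original article: the function names are illustrative, the sample version strings are constructed, and it assumes the google-chrome launcher is on the PATH.

```shell
#!/bin/sh
# Added example (not from the original article): check that the installed
# Chrome is at or above the fixed build named in the article.
FIXED_VERSION="79.0.3945.130"

# Pull the dotted version out of `google-chrome --version` style output,
# e.g. "Google Chrome 79.0.3945.130 " -> "79.0.3945.130".
extract_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]+(\.[0-9]+){3}' | head -n 1
}

# version_ge A B: succeeds when dotted version A >= B. Fields are compared
# as numbers, because a plain string comparison would rank .88 above .130.
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        if [ "$a" = "$fa" ]; then a=""; else a=${a#*.}; fi
        if [ "$b" = "$fb" ]; then b=""; else b=${b#*.}; fi
        fa=${fa:-0}; fb=${fb:-0}
        if [ "$fa" -gt "$fb" ]; then return 0; fi
        if [ "$fa" -lt "$fb" ]; then return 1; fi
    done
    return 0
}

# check_chrome "<version output>": prints a verdict; status 0 only if patched.
check_chrome() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then echo "unknown"; return 2; fi
    if version_ge "$v" "$FIXED_VERSION"; then
        echo "patched $v"
    else
        echo "outdated $v"; return 1
    fi
}

# Constructed sample strings, then the real browser if it is installed.
check_chrome "Google Chrome 79.0.3945.88 " || true     # outdated 79.0.3945.88
check_chrome "Google Chrome 79.0.3945.130 " || true    # patched 79.0.3945.130
if command -v google-chrome >/dev/null 2>&1; then
    check_chrome "$(google-chrome --version 2>/dev/null)" || true
fi
```

Chrome keeps running the old binary until it is restarted, so close and reopen the browser after upgrading.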
