Chrome Turbofan Remote Code Execution
Older versions of Google Chrome can be affected by a type confusion vulnerability which is designed to confuse JavaScript code and allow an attacker to execute remote code in the browser.
Turbofan is a component in Google Chrome used to optimise JavaScript code. In order for this vulnerability to be exploited, a user will need to visit a malicious website which will then send malicious JavaScript code, allowing remote code execution (RCE) to take place. By exploiting this vulnerability, it can allow an attacker to steal browser data such as passwords and cookies.
Google aren’t working on a patch for this vulnerability as it doesn’t affect the latest version of Chrome (version 60).
Affected Platforms:
Google Chrome – version 59 and earlier
Resolution:
Google Chrome must be updated to version 60 or later.
Ensure browsers and any third-party plug-ins are regularly updated.
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.