Google has recently released the stable version of Chrome 85 with numerous updates and a serious bug fix. Exploiting this bug could allow remote code execution. Code Execution Bug Fixed With Chrome 85
Reportedly, security researcher Marcin Towalski of Cisco Talos discovered a high-severity vulnerability affecting the Chrome browser. the bug existed in the WebGL component of the browser. It was a high-severity use-after-free vulnerability, CVE-2020-6492, that could allow remote code execution. Describing the bug, Cisco stated,
This vulnerability specifically exists in ANGLE, a compatibility layer between OpenGL and Direct3D that Chrome uses on Windows systems. An adversary could manipulate the memory layout of the browser in a way that they could gain control of the use-after-free exploit, which could ultimately lead to arbitrary code execution.
The vulnerability affected the Google Chrome 81.0.4044.138 (Stable), 84.0.4136.5 (Dev) and 84.0.4143.7 (Canary) versions. And now, with Chrome 85, Google has patched this flaw.
Other Google Chrome 85 Updates Alongside this security update, Google has also released numerous feature upgrades with the new Chrome browser version.
Highlighting some details in a blog post,Max Christoff, Engineering Director, Chrome, mentioned that Chrome 85 will be much faster. It’s because it comes with two important features: Profile Guided Optimization (PGO) and Tab Throttling. Briefly, PGO facilitates faster loading of pages as the technique allows fast running of specific parts of the code. This behavior comes from analyzing the users’ activities globally, giving priority to the most common tasks. Whereas, Tab Throttling switches resources between the tabs, giving more power to the in-use tabs and drawing the resources from the ones in the background. This will not only increase the page loading speed. Rather it will also have a positive impact on power and memory saving needs.