Google: 11 zero-day “In the Wild” in the first half of 2020

0day

Google Project Zero Team released 11 zero-day vulnerabilities  in their report for the first half of 2020

The complete details about these zero-days have been obtained from a Google Spreadsheet managed by Google security researchers, which the company made public available earlier this year. The spreadsheet contains Google’s internal statistics about in-the-wild zero-day usage going as far back as 2014, when the company began tracking said stats.

    • CVE-2019-17026
    • Mozilla
    • Firefox
    • Memory Corruption
    • Type confusion in IonMonkey JIT compiler
    • ???
    • 2020-01-08
    • https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/
    • Dark Hotel
    • https://blogs.360.cn/post/apt-c-06_0day.html
    • Qihoo 360 ATA
    • CVE-2020-0674
    • Microsoft
    • Internet Explorer
    • Memory Corruption
    • Unspecified memory corruption in Internet Explorer
    • 2020-02-11
    • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0674
    • https://blogs.360.cn/post/apt-c-06_0day.html
    • Dark Hotel
    • https://blogs.360.cn/post/apt-c-06_0day.html
    • “Yi Huang(@C0rk1_H) & Kang Yang(@dnpushme) of Qihoo 360 ATA
    • Clément Lecigne of Google’s Threat Analysis Group”
    • CVE-2020-6418
    • Google
    • Chrome
    • Memory Corruption
    • Type confusion in v8
    • 2020-02-24
    • https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html
    • Clement Lecigne of Google’s Threat Analysis Group
    • CVE-2020-8467
    • TrendMicro
    • Apex One/OfficeScan
    • Unspecified
    • Unspecified vulnerability in a migration tool component
    • 2020-03-16
    • https://success.trendmicro.com/solution/000245571
    • Trend Micro Research
    • CVE-2020-8468
    • TrendMicro
    • Apex One/OfficeScan
    • Logic/Design Flaw
    • Content validation escape in agent client component
    • ???
    • 2020-03-16
    • https://success.trendmicro.com/solution/000245571
    • Trend Micro Research
    • CVE-2020-6819
    • Mozilla
    • Firefox
    • Memory Corruption
    • Use-after-free while running the nsDocShell destructor
    • 2020-04-03
    • https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/
    • Francisco Alonso @revskills working with Javier Marcos of @JMPSec
    • CVE-2020-6820
    • Mozilla
    • Firefox
    • Memory Corruption
    • Use-after-free when handling a ReadableStream
    • 2020-04-03
    • https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/
    • Francisco Alonso @revskills working with Javier Marcos of @JMPSec
    • CVE-2020-0938
    • Microsoft
    • Windows
    • Memory Corruption
    • Unspecified memory corruption in Adobe Type 1 PostScript format
    • 2020-04-14
    • https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0938
    • Liubenjin and Zhiyi Zhang from Codesafe Team of Legendsec at Qi’anxin Group
    • CVE-2020-1020
    • Microsoft
    • Windows
    • Memory Corruption
    • Unspecified memory corruption in Adobe Type 1 PostScript format
    • 2020-04-14
    • https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1020
    • Google Project Zero & Google’s Threat Analysis Group
    • CVE-2020-1027
    • Microsoft
    • Windows
    • Memory Corruption
    • Unspecified memory corruption in Windows Kernel
    • 2020-03-23
    • 2020-04-14
    • https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1027
    • Google Project Zero & Google’s Threat Analysis Group
    • CVE 2020-12271
    • Sophos
    • XG Firewall
    • Logic/Design Flaw
    • SQL injection in admin interface/user portal
    • 2020-04-22
    • 2020-04-25
    • https://community.sophos.com/kb/en-us/135412
    • https://news.sophos.com/en-us/2020/04/26/asnarok/

Leave a Reply

Your email address will not be published. Required fields are marked *