# Importance of Updating 3rd Party Applications

**Why it is important to update third-party applications**

**With the help of using updated versions, patch potential vulnerabilities fast**

The operating systems installed on our computers and the vulnerabilities of the applications running on those computers could create a security vulnerability at least as serious as external threats and viruses. Software vendors gives us the ability to fix the vulnerability by publishing new versions and patches. It is very important to use up-to-date versions of applications to avoid vulnerabilities that cause from older versions of them. Easy2Patch helps you fix these vulnerabilities by analyzing current versions and new patches of the applications and distributing them in a central manner.

**Google Chrome Remote Code Execution vulnerability**

Firstly, we start with preparing our test environment to see the effects of vulnerability in Google Chrome. We will use Kali machine to exploit the vulnerability and Windows 10 machine as the target.

**Google Chrome version:** v80.0.3987.87

**CVE Code:** CVE-2020-6418

**CVE details link:** <https://nvd.nist.gov/vuln/detail/CVE-2020-6418>

**CVE explanation:** These attacks potentially let an attacker to exploit heap corruption vulnerability by using an HTML page. Even though this vulnerability is patched by Google, it still exists in all V8 versions of Google Chrome version 80.0.3987.122 **.**

**Preparation Phase**

* We first configure both Kali and Windows 10 machines such that they will be in the same network.
* We install vulnerable Google Chrome version to our target machine.
* We turn back to Kali machine and start Msfconsole
* We search for the exploit named “chrome\_js”

<figure><img src="https://blog.easy2patch.com/wp-content/uploads/2023/02/image.png" alt="" height="184" width="775"><figcaption></figcaption></figure>

* We will use this exploit to penetrate the system
* We select the exploit by writing “use 0”

<figure><img src="https://blog.easy2patch.com/wp-content/uploads/2023/02/image-1.png" alt="" height="469" width="780"><figcaption></figcaption></figure>

* By writing “show options”, we fill the required information
  * At this point, first of all, we look for the ip address of my Kali machine

<figure><img src="https://blog.easy2patch.com/wp-content/uploads/2023/02/image-2.png" alt="" height="185" width="687"><figcaption></figcaption></figure>

* Then we start configuring our exploit

<figure><img src="https://blog.easy2patch.com/wp-content/uploads/2023/02/image-3.png" alt="" height="153" width="784"><figcaption><p>Here, I give the ip address of my Kali machine</p></figcaption></figure>

* By typing “info” we can see under which operating systems this exploit can be used

<figure><img src="https://blog.easy2patch.com/wp-content/uploads/2023/02/image-4.png" alt="" height="121" width="605"><figcaption></figcaption></figure>

* Lastly, by selecting the target, we start the attack

<figure><img src="https://blog.easy2patch.com/wp-content/uploads/2023/02/image-5.png" alt="" height="194" width="620"><figcaption><p>We start waiting on the Kali side. If the target visits the given url, we can get a meterpreter session.</p></figcaption></figure>

*
* Now, we enter the given url above in our Google Chrome on Windows 10 machine
* After that, when we look at Kali machine, we will that we got a session successfully

<figure><img src="https://blog.easy2patch.com/wp-content/uploads/2023/02/image-6.png" alt="" height="205" width="809"><figcaption></figcaption></figure>

* At this point, we can see that we successfully penetrated the Windows 10 machine

<figure><img src="https://blog.easy2patch.com/wp-content/uploads/2023/02/image-7.png" alt="" height="257" width="637"><figcaption><p>As can be seen from that, hackers can not only steal information from browser but also hack the system by using this vulnerability.</p></figcaption></figure>

***

**Result**

You can protect your machines by automating third party application update process with the help of Easy2Patch. Along with it, also, you can make update process easy and make your systems more secure by updating your applications for which we provide a detailed update catalogue.