Importance of Updating 3rd Party Applications
Berat Yazturk
PreviousCVE-2023-2033 Google Chrome Zero-Day VulnerabilityNextLocal Publishing Maximum Cab Size Setting
Last updated
Berat Yazturk
Last updated
Why it is important to update third-party applications
With the help of using updated versions, patch potential vulnerabilities fast
The operating systems installed on our computers and the vulnerabilities of the applications running on those computers could create a security vulnerability at least as serious as external threats and viruses. Software vendors gives us the ability to fix the vulnerability by publishing new versions and patches. It is very important to use up-to-date versions of applications to avoid vulnerabilities that cause from older versions of them. Easy2Patch helps you fix these vulnerabilities by analyzing current versions and new patches of the applications and distributing them in a central manner.
Google Chrome Remote Code Execution vulnerability
Firstly, we start with preparing our test environment to see the effects of vulnerability in Google Chrome. We will use Kali machine to exploit the vulnerability and Windows 10 machine as the target.
Google Chrome version: v80.0.3987.87
CVE Code: CVE-2020-6418
CVE details link: https://nvd.nist.gov/vuln/detail/CVE-2020-6418
CVE explanation: These attacks potentially let an attacker to exploit heap corruption vulnerability by using an HTML page. Even though this vulnerability is patched by Google, it still exists in all V8 versions of Google Chrome version 80.0.3987.122 .
Preparation Phase
We first configure both Kali and Windows 10 machines such that they will be in the same network.
We install vulnerable Google Chrome version to our target machine.
We turn back to Kali machine and start Msfconsole
We search for the exploit named “chrome_js”
We will use this exploit to penetrate the system
We select the exploit by writing “use 0”
By writing “show options”, we fill the required information
At this point, first of all, we look for the ip address of my Kali machine
Then we start configuring our exploit
By typing “info” we can see under which operating systems this exploit can be used
Lastly, by selecting the target, we start the attack
Now, we enter the given url above in our Google Chrome on Windows 10 machine
After that, when we look at Kali machine, we will that we got a session successfully
At this point, we can see that we successfully penetrated the Windows 10 machine
Result
You can protect your machines by automating third party application update process with the help of Easy2Patch. Along with it, also, you can make update process easy and make your systems more secure by updating your applications for which we provide a detailed update catalogue.
