Google fixes two more Chrome zero-days


Chrome version 86.0.4240.198 for Windows, Mac, and Linux has been released by Google in order to patch two zero-day vulnerabilities that were exploited in the wild.

These two vulnerabilities tracked as CVE-2020-16013 and CVE-2020-16017 are the fourth and fifth zero-days that Google has patched in Chrome web browser for desktop over the past three weeks.

The latest two new zero-days was reported to Google by anonymous sources, whereas the first three zero-days were discovered internally by Google’s Project Zero elite security team.

More details about the attacks where the Chrome two zero-days have been used have not been made public to allow the users to install the patches.

The two vulnerabilities are

CVE-2020-16013 : it is an “inappropriate implementation in V8,” where V8 is the Chrome component that handles JavaScript code.

CVE-2020-16017 : It is a “use after free” memory corruption bug in the Chrome’ Site Isolation feature which isolates each site’s data from one another.

It is not known whether the two vulnerabilities were used together, as part of an exploit chain, or used individually.

Over the past weeks, Google also patched:

CVE-2020-15999 : a zero-day in Chrome’s FreeType font rendering library which was utilized together with a Windows zero-day (CVE-2020-17087), which Microsoft patched yesterday.

CVE-2020-16009 : another zero-day in Chrome’s V8 JavaScript engine.

CVE-2020-16010 : a zero-day in Chrome for Android, impacting the browser’s user interface (UI) component.

Even though it is not clear about the danger that it imposes on regular users, Chrome users are still highly recommended to update to v86.0.4240.198 through Chrome’s built-in update function at the earliest.

Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News

    New malware wants to add your Linux servers and IoT devices to its botnet

    Previous article

    ModPipe POS malware targets restaurants and hotels

    Next article

    You may also like


    Leave a reply

    Your email address will not be published. Required fields are marked *