In three weeks, Google has now patched five Chrome Zero-day vulnerabilities.
With the release of Chrome version 86.0.4240.198, Google fixes Zero-day vulnerabilities that were exploited in the wild.
The recent two bugs mark as the fourth and fifth Zero-day vulnerabilities that Google patched in the past three weeks.
The main highlight this time is that the first three zero-days were discovered internally by the security researchers at Google, however, the newest two zero-days came to Google’s attention after tips from unnamed sources.
Chrome 86.0.4240.198 Changelog
As per the Chrome 86.0.4240.198 Changelog, the two zero-days are tracked and reported as follows:
- CVE-2020-16013 – Labeled as an “unsuitable implementation in V8,” where V8 is the Chrome element that manages the JavaScript code.
- CVE-2020-16017 – Labeled as a “use after free” memory corruption bug in site isolation, the Chrome element that separates each and every site’s data from one another.
At the moment, it is unsure if the two vulnerabilities have been used collectively, or as part of an exploit chain, or utilized individually.
The other three Chrome’s zero-day vulnerabilities that Google patched are as follows:
- CVE-2020-15999 – On October 20, Google patched a zero-day in Chrome’s FreeType font rendering library. This Chrome zero-day was used concurrently with a Windows zero-day (CVE-2020-17087).
- CVE-2020-16009 – on November 2, Google patched a second zero-day, also in Chrome’s V8 JavaScript engine.
- CVE-2020-16010 – a third zero-day was discovered this time in Chrome for Android, affecting the browser’s user interface (UI) component.
Most zero-days are generally employed in targeted attacks upon a small number of chosen targets, Hence a maximum of the users shouldn’t needlessly worry.
Users are urged to update to v86.0.4240.198 through the browser’s built-in update function (look for Chrome menu, Help option, and About Google Chrome section) as soon as feasible.
Are you looking for more security updates? Subscribe to our Newsletter for the latest security news right from the security and research industries.