Google Patches Two More Chrome Zero-Day Vulnerabilities

Must Read
Sienna Rowley
Sienna Rowley
Sienna is an editor at Cloud Host News. She is an internet enthusiast, always eager to explore the latest trend in the tech space. She is a modest family woman who loves traveling in her free time.

In three weeks, Google has now patched five Chrome Zero-day vulnerabilities.

With the release of Chrome version 86.0.4240.198, Google fixes Zero-day vulnerabilities that were exploited in the wild.

The recent two bugs mark as the fourth and fifth Zero-day vulnerabilities that Google patched in the past three weeks.

The main highlight this time is that the first three zero-days were discovered internally by the security researchers at Google, however, the newest two zero-days came to Google’s attention after tips from unnamed sources.

Chrome 86.0.4240.198 Changelog

As per the Chrome 86.0.4240.198 Changelog, the two zero-days are tracked and reported as follows:

  • CVE-2020-16013 – Labeled as an “unsuitable implementation in V8,” where V8 is the Chrome element that manages the JavaScript code.
  • CVE-2020-16017 – Labeled as a “use after free” memory corruption bug in site isolation, the Chrome element that separates each and every site’s data from one another.

At the moment, it is unsure if the two vulnerabilities have been used collectively, or as part of an exploit chain, or utilized individually.

The other three Chrome’s zero-day vulnerabilities that Google patched are as follows:

  • CVE-2020-15999 – On October 20, Google patched a zero-day in Chrome’s FreeType font rendering library. This Chrome zero-day was used concurrently with a Windows zero-day (CVE-2020-17087).
  • CVE-2020-16009 – on November 2, Google patched a second zero-day, also in Chrome’s V8 JavaScript engine.
  • CVE-2020-16010 – a third zero-day was discovered this time in Chrome for Android, affecting the browser’s user interface (UI) component.

Most zero-days are generally employed in targeted attacks upon a small number of chosen targets, Hence a maximum of the users shouldn’t needlessly worry.

Users are urged to update to v86.0.4240.198 through the browser’s built-in update function (look for Chrome menu, Help option, and About Google Chrome section) as soon as feasible.

Are you looking for more security updates? Subscribe to our Newsletter for the latest security news right from the security and research industries. 

- Advertisement -spot_img
Latest News

SparkyLinux 6.6 Now Available to Download

Debian-based GNU/Linux distro, SparkyLinux has got a new update Sparky 6.6 named as Po Tolo. Based on Debian 11, Sparky...
- Advertisement -spot_img

More Articles Like This