Google Chrome Receives Second Patch for Serious Zero-Day Bug in Two Weeks

The new security patch for Google Chrome desktops included fixes for a total of 10 bugs in the browser.

Google has recently introduced a fix for another zero-day bug in its Chrome browser and has also released a new security update for desktops. The bug (CVE-2020-16009), which affected the V8 component of the Chrome browser, was discovered by Clement Lecigne and Samuel Groß of Google's Threat Analysis Group (TAG) and Google Project Zero, respectively.


 
To address the above-mentioned flaw on machines running Mac, Windows, and Linux, Google released the Google Chrome security patch version 86.0.4240.183. The tech giant further said that the bug, when exploited, allowed threat actors to bypass and escape the Chrome security sandbox on Android smartphones and run code on the underlying operating system.

Google declined to disclose any details of the bug, which had been actively exploited in the wild, as a lot of users have not updated yet; it's a part of Google's privacy policy. Withholding the details prevents attackers from developing exploits in the meantime and gives users more time to get the updates installed. While Google's TAG hasn't confirmed whether the threat actors behind the two bugs were the same, it assured that the attacks were not motivated by the ongoing US presidential elections.
 
Furthermore, a critical memory corruption flaw under active exploitation in the Google Chrome browser (CVE-2020-15999) was identified by the researchers at Google's TAG, who also said that this zero-day vulnerability was being exploited in combination with CVE-2020-17087, a Windows zero-day. The zero-day vulnerability identified as CVE-2020-15999 affected the FreeType font rendering library, and therefore demands attention from all services that make use of this library.
 
Additionally, the latest security update will also allow users to experience a more stable and improved Chrome browser in terms of performance. 
 
In a blog post published on 2nd November, Google said, "The stable channel has been updated to 86.0.4240.183 for Windows, Mac, and Linux which will roll out over the coming days/weeks. A list of all changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues." 

"Google is aware of reports that an exploit for CVE-2020-16009 exists in the wild. We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel," the blog further stated.