Google Fixes Second Chrome Zero-Day Under Active Attack

Heads up, Chrome users! Google has just released a fix for another zero-day bug in its Chrome browser. Update your browser now if you haven’t done so already.

One More Chrome Zero-Day Fixed

Two weeks after addressing a zero-day, Google disclosed and addressed one more bug in Chrome under active attack.

The bug, CVE-2020-16009, caught the attention of Clement Lecigne of Google’s Threat Analysis Group and Samuel Groß of Google Project Zero. As disclosed, the new zero-day bug affects the V8 component of the Chrome browser.

Google also fixed another zero-day flaw in the V8 component earlier this year. That one was a type confusion flaw, whereas Google has described the recent bug as an inappropriate implementation.

As per their policy, Google hasn’t disclosed any details about the bug yet besides admitting its exploitation in the wild.

Google is aware of reports that an exploit for CVE-2020-16009 exists in the wild.

The tech giant has addressed this flaw with the release of Chrome 86.0.4240.183 for Windows, Mac & Linux. The update will arrive on users’ systems automatically. However, given the active exploitation of the bug, it’s still better to check for updates manually and patch devices at the earliest.

Alongside this zero-day, Google has also fixed 9 other security flaws. These include two high severity bugs, CVE-2020-16004 and CVE-2020-16005, each of which earned the bug reporters a $15000 bounty.

Another inappropriate implementation in V8, CVE-2020-16006, earned the researcher a $5000 bounty.

Previous Zero-Day In A Few Weeks

The present zero-day marks the second Chrome zero-day in a few weeks, and the third in the year 2020.

Google researchers recently disclosed a serious memory corruption flaw under active attack in the Chrome browser (CVE-2020-15999). This zero-day affected the FreeType font rendering library and hence demanded attention from all services using this library.

Shortly after, Google disclosed a serious Windows Kernel zero-day (CVE-2020-17087) that, together with CVE-2020-15999, could lead to code execution attacks.

While Microsoft is expected to release a patch for it by November 10, 2020, Google has already fixed the Chrome bug. Now it has rolled out another Chrome update with more security patches.
