Continuing the trail of urgent fixes, Google has now disclosed two more zero-day vulnerabilities in Chrome. Since the patches are out, make sure to update your Chrome browsers ASAP.
Two More Chrome Zero-Day Vulnerabilities
This week, Google has addressed two more zero-day vulnerabilities affecting the Chrome browser.
Once again, the researchers haven’t disclosed any explicit details about the bugs. Yet, they have confirmed that the bugs remain under active attack before receiving a fix.
However, they have briefly stated about the bugs in their post announcing the Chrome 86.0.4240.198 stable release.
Specifically, the first of these is an inappropriate implementation in the V8 component of the browser (CVE-2020-16013).
Recently, Google has also addressed a zero-day affecting the V8 component (CVE-2020-16009) that was a type confusion flaw.
Whereas, the second vulnerability, CVE-2020-16017, was a use-after-free flaw affecting the site isolation feature of the browser.
Google has labeled both these bugs reported by Anonymous reporters as high-severity flaws. It hasn’t announced a precise bounty for these reports.
Yet, Google confirmed the exploitation of the bugs in the wild.
Google is aware of reports that exploits for CVE-2020-16013 and CVE-2020-16017 exist in the wild.
Update Chrome Now
Given the active exploitation of the two flaws and the availability of fix with the latest Chrome release, all users must ensure updating their respective devices to the latest version 86.0.4240.198.
Although, the update will automatically reach the devices. However, users can also manually update their browsers to ensure a quick fix.
Follow this path to update the browser: Menu > Help > About Google Chrome. If an update is available, click to install it.
While the present bugs do not specifically impact Android users, Google has already addressed a zero-day impacting Chrome for Android a week ago.
On a side note, Microsoft has also addressed the zero-day affecting Windows Kernel that Google researchers reported recently. The patch is now available with the November Patch Tuesday updates. Hence, all Windows users should also update their systems at the earliest.