
After two zero-days in Chrome desktop, Google patches a third zero-day in the Android version


Google has released security updates for the Chrome for Android browser to fix a zero-day vulnerability that is currently being exploited in the wild.

Chrome for Android version 86.0.4240.185 was released last night with fixes for CVE-2020-16010, a heap buffer overflow vulnerability in the Chrome for Android user interface (UI) component.

Google said the bug was exploited to allow attackers to bypass and escape the Chrome security sandbox on Android devices and run code on the underlying OS.

Details about the attack have not been made public, to give Chrome users more time to install the updates and to prevent other threat actors from developing exploits for the same zero-day.

Google credited its internal Threat Analysis Group (TAG) team for discovering the Chrome for Android zero-day attacks.

This marks the third Chrome zero-day discovered by the TAG team in the past two weeks.

The first two zero-days affected only Chrome for desktop versions.

The first, tracked as CVE-2020-15999, was patched on October 20 and affected Chrome’s FreeType font rendering library.

In a follow-up report last week, Google said this first Chrome zero-day was used together with a Windows zero-day (CVE-2020-17087) as part of a two-step exploit chain: the Chrome zero-day allowed attackers to execute malicious code inside Chrome, while the Windows zero-day was used to elevate the code’s privileges and attack the underlying Windows OS.

On top of this, Google also patched a second zero-day yesterday. Tracked as CVE-2020-16009, this zero-day was described as a remote code execution vulnerability in the Chrome V8 JavaScript engine.

Hours after the Chrome team released patches for this second zero-day, Google revealed a third zero-day, impacting only its Chrome for Android version.

While the three zero-days are all different from each other and impact different Chrome versions and components, Google did not clarify whether all of them are being exploited by the same threat actor or by multiple groups.

Such details are usually revealed months after patches, via reports published on Google’s Project Zero and Google Security blogs. In the meantime, Chrome users, both on Android and on desktop, should hurry to install the latest updates (v86.0.4240.185 on Android and v86.0.4240.183 on desktop).

By ZDNet
