Google Chrome for Windows, Mac, Linux Receiving Update With Two Zero-Day Patches

Google Chrome has started receiving new update that fixes two zero-day vulnerabilities discovered in the wild. The update is specifically meant for Windows, Mac, and Linux users and is the third in the series after Google released a zero-day issue-related update in October and another similar patch last week. The search giant also recently brought a zero-day vulnerability fix to the Chrome for Android a few days back. However, unlike the three earlier patches that were reported by Google’s internal researchers, the two new zero-day issues were discovered by anonymous sources.

The latest Google Chrome update brings version 86.0.4240.198. As per the details provided through a blog post, the update fixes the vulnerabilities CVE-2020-16013 and CVE-2020-16017. The former is described as an inappropriate implementation in the V8 JavaScript engine and was reported on November 9. In contrast, the latter is known as a “use after free in site isolation” memory corruption bug and was reported on November 7.

Google notes that both vulnerabilities were reported by anonymous sources. However, it is unclear whether the two issues were exploited together or separately.

Chrome users are advised to look for the latest update by going to Help > About Google Chrome after clicking on the three dots button from the top-right corner of the browser window. The update is being rolled out in stages and may take some time to reach all users.

In October, Google fixed the zero-day vulnerability CVE-2020-15999 by releasing version 86.0.4240.111. That was related to an issue in the FreeType font engine that was reported by a researcher in Google’s Project Zero team. The Chrome browser received the second zero-day fix last week through version 86.0.4240.183. That vulnerability was identified as CVE-2020-16009 and was related to a bug in the V8 engine.

Google last week also released the Chrome for Android version 86.0.4240.185 to fix another zero-day flaw that was identified by the Project Zero team as CVE-2020-16010 and existed in the user interface component of the browser.


Is Mi Notebook 14 series the best affordable laptop range for India? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts or RSS, download the episode, or just hit the play button below.

By Gadgets 360 Source Link

LEAVE A REPLY

Please enter your comment!
Please enter your name here