Google has patched a second actively exploited zero-day flaw in the Chrome browser in two months, along with addressing nine other security vulnerabilities in its latest update.
The company released 86.0.4240.183 for Windows, Mac, and Linux, which it said will be rolling out over the coming days/weeks to all users.
The zero-day flaw, tracked as CVE-2020-16009, was reported by Clement Lecigne of Google's Threat Analysis Group (TAG) and Samuel Groß of Google Project Zero on October 29.
The firm also warned that it “is aware of reports that an exploit for CVE-2020-16009 exists in the wild.”
Google hasn't made public any details about the bug or the exploit used by threat actors, so as to allow a majority of users to install the updates and to prevent other adversaries from developing their own exploits leveraging the flaw.
But Ben Hawkes, Google Project Zero's technical lead, said CVE-2020-16009 concerned an "inappropriate implementation" of its V8 JavaScript rendering engine leading to remote code execution.
Apart from the 10 security fixes for the desktop version of Chrome, Google has also addressed a separate zero-day in Chrome for Android that was being exploited in the wild: a sandbox escape flaw tracked as CVE-2020-16010.
The zero-day disclosures come two weeks after Google fixed a critical buffer overflow flaw (CVE-2020-15999) in the Freetype font library.
Then late last week, the company revealed a Windows privilege escalation zero-day (CVE-2020-17087) that was used in combination with the above font rendering library flaw to crash Windows systems.
The search giant has not so far clarified if the same threat actor was exploiting the two zero-days.
Some parts of this article are sourced from:
thehackernews.com