News18»Tech
1-MIN READ

Google Chrome Gets Second Security Update in Two Weeks That Fixes a Critical Zero-Day Vulnerability

Google Chrome.

Google Chrome.

The latest zero-day bug on Chrome, CVE-2020-16009 was residing in the browsers' V8 engine that handles JavaScript code. Earlier in October, Google had patched another zero-day bug identified as CVE-2020-15999.

Google Chrome desktop browser is receiving a new security update that patches ten bugs with high-risk ratings. This is the second security update Google has released in the last two weeks that also addresses a zero-day vulnerability, identified as CVE-2020-16009 on the browser. The zero-day vulnerability was found to be affecting Google Chrome desktop application for Windows, Mac and Linux systems, and it was discovered by Google's Threat Analysis Group (TAG). Chrome desktop users are advised to upgrade the browser to version 86.0.4240.183 or later to ensure the safety of their system.

A zero-day vulnerability refers to a flaw in the system or device that can create severe complications (even hacking) well before anyone realises its existence. Google has not shared the exact details about the CVE-2020-16009 vulnerability; however, the company claims that it was residing in Chrome's V8 that handles JavaScript code. The V8 is an open-source JavaScript engine that is also used in several other Chromium-based browsers like Microsoft Edge and Opera. The software giant added that the company is aware of the exploit for the CVE-2020-16009 vulnerability which "exists in the wild." It further said that bug details and links would be shared once the majority of Chrome users are updated with a fix.

In October, Google had released an update for stable Chrome channels that also addressed another zero-day vulnerability CVE-2020-15999. The bug appeared to be affecting Chrome's FreeType font rendering library, the company had said. According to ZDNet, the October Chrome zero-day bug was utilised together with a Windows zero-day bug (CVE-2020-17087) to target systems running Windows 7 and above. Microsoft is expected to patch this zero-day bug through an update slated to release on November 10, while Google has already addressed the issue. It is unclear whether the two vulnerabilities were exploited by the same threat actors; however, Shane Huntley, Director of Google’s Threat Analysis Group (TAG) has confirmed that are not related to any US election-related targeting.


Next Story
Loading...