Google Chrome Getting a New Update That Fixes Two Critical Zero-Day Vulnerabilities

Google Chrome.


The two new zero-day bugs, CVE-2020-16013 and CVE-2020-16017, are being fixed in Chrome version 86.0.4240.198. The bugs affected Google Chrome for Windows, Mac, and Linux.

The Google Chrome browser for Windows, Mac, and Linux is getting a new update that addresses two zero-day vulnerabilities discovered in the wild. The newly discovered bugs are the fourth and fifth zero-days that Google has patched in Chrome over the past three weeks. The new security update will likely start rolling out in the upcoming days, and users are advised to use the latest Chrome version, 86.0.4240.198, to ensure the safety of their PC. Users can manually update the browser by heading to 'more' at the top right corner and then selecting 'Update Google Chrome'. If the option is unavailable, it means the browser is already on the latest version.
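For administrators who need to confirm the update across many machines rather than one browser at a time, the following added example (not from the article or from Google) checks reported Chrome versions against the fixed build 86.0.4240.198. The host names and inventory lines are constructed sample data, and it assumes each line is the version string collected from a host, for example the output of `google-chrome --version`.

```python
import re

# Fixed build named in the article.
FIXED_BUILD = "86.0.4240.198"

# Chrome versions have four numeric parts: MAJOR.MINOR.BUILD.PATCH
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def is_patched(text, fixed=FIXED_BUILD):
    """True if the version is at or above the fixed build, False if older,
    None if no version could be parsed (treat as needing a manual check)."""
    version = parse_version(text)
    if version is None:
        return None
    # Compare numerically: as plain strings, "86.0.4240.75" would sort
    # above "86.0.4240.198" and an unpatched host would look patched.
    return version >= parse_version(fixed)


def audit(inventory):
    """Map each host to 'patched', 'VULNERABLE' or 'unknown'."""
    labels = {True: "patched", False: "VULNERABLE", None: "unknown"}
    return {host: labels[is_patched(line)] for host, line in inventory.items()}


# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE_INVENTORY = {
    "host-a": "Google Chrome 86.0.4240.198 ",
    "host-b": "Google Chrome 86.0.4240.193 ",
    "host-c": "Google Chrome 86.0.4240.75 ",
    "host-d": "Google Chrome 87.0.4280.66 ",
    "host-e": "command not found",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts reported as `unknown` returned no parseable version and need a manual check before they are counted as updated.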

According to the official changelog, both zero-day vulnerabilities were disclosed by external researchers. The first zero-day bug, identified as CVE-2020-16013, resides in V8, the Chrome component that handles JavaScript code. V8 is an open-source JavaScript engine that is also used in several other Chromium-based browsers like Microsoft Edge and Opera. The second bug, CVE-2020-16017, is described as a "use after free" memory corruption bug in Site Isolation, the Chrome component that isolates each site's data from one another. A zero-day vulnerability is a flaw in a system or device that attackers can exploit before the vendor is aware of it or has released a fix.

At the moment, it is unclear whether the two newly discovered zero-day vulnerabilities have been used together or individually as part of an exploit chain. Google added in the official changelog that the company is aware of exploits that "exist in the wild." The software giant further added that details and links regarding the bugs would be shared once the majority of Chrome users are updated with a fix.

In October, Google released an update for stable Chrome channels that addressed the zero-day vulnerability CVE-2020-15999. The bug appeared to affect Chrome's FreeType font rendering library, the company had said. Last week, Google addressed the second zero-day bug, CVE-2020-16009, also residing in Chrome's V8 JavaScript engine. The third zero-day bug, also patched last week, seemed to affect the user interface (UI) component of Chrome for Android.
