Google Chrome’s New Update Fixes Two Zero Day Vulnerabilities

Google confirmed that these vulnerabilities were being used in the world.

Google has rolled out a new update for its Chrome browser. The latest version, 86.0.4240.198, comes with a patch for at least two zero-day vulnerabilities. The company confirmed that these bugs were exploited in the wild.

Interestingly, the latest update comes in a span of three weeks of Google rolling out multiple updates for similar zero-day vulnerabilities.

According to CNET, the two new vulnerabilities were flagged by anonymous sources. The older three zero-days were brought to Google’s attention by its own Project Zero team.

Google has not elaborated on how the new vulnerabilities work. According to the Chrome 86.0.4240.198 changelog, the first vulnerability tracked as CVE-2020-16013, is described as an “inappropriate implementation in V8,” where V8 is the Chrome component that handles JavaScript code.

The second vulnerability, tracked as CVE-2020-16017, is described as a “use after free” memory corruption bug in Site Isolation, the Chrome component that isolates each site’s data from one another.

Also Read:

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed,” said Google in a blog post.

Google’s latest update to Chrome browser is available for Windows, Mac and Linux. The update will be rolled out over the coming days and weeks.

Latest Posts

Related Articles