Google Chrome for Android Gets Zero-Day Vulnerability Fix
Google has released a new update to Chrome for Android to fix a zero-day flaw that is currently being exploited in the wild. The new update comes just days after Google fixed two zero-day vulnerabilities in the desktop version of its Chrome browser. Details regarding the attack are not yet public, as most Chrome for Android users have yet to install the update. In addition to the security fixes that include those initially rolled out for desktop users, the latest Chrome update also includes stability and performance improvements.
The latest Chrome for Android update carries the version number 86.0.4240.185 and includes a fix for a stack buffer overflow vulnerability, listed as CVE-2020-16010. The problem exists in the user interface (UI) component of the web browser.
“Google is aware of reports that there is an exploit for CVE-2020-16010 in the wild,” the company said in a blog post.
Google’s Project Zero team reported the very serious vulnerability on October 31. Additionally, Google’s Threat Analysis Group (TAG), which is responsible for tracking threat actors, has been credited with uncovering zero-day attacks related to Chrome for Android.
Details of the bug and its exploit have yet to be revealed, as the update is still rolling out. However, Google said that the new version would be available for download via Google Play in the coming weeks.
Before the latest update, Google fixed another zero-day issue affecting its desktop version of Chrome last month. That vulnerability, identified as CVE-2020-15999, affected the browser’s FreeType font rendering library.
It is unclear whether the three zero-day bugs discovered in the last month are being exploited by a single threat actor or by multiple groups. That said, users of the Android and desktop versions of the Chrome browser are advised to install the latest updates as soon as they are available.