Google Chrome gets a second patch for zero-day bug in two weeks

Google Chrome gets a second patch for zero-day bug in two weeks

Google has started rolling out a new security update for its Chrome browser on desktop computers. The new patch includes fixes for a total of 10 bugs in the browser, including a zero-day vulnerability, the second to be detected by Google’s Threat Analysis Group (TAG) that tracks threat actors in the last two. weeks. As always, Google says that the details of the bug and the links will not be revealed until the majority of Chrome users have installed the update and the vulnerabilities are also fixed in any related third-party libraries. A zero-day vulnerability refers to a recently discovered software security flaw that could have been exploited by hackers.

Version 86.0.4240.183 of the Google Chrome security patch will be released for systems running on Windows, Mac, and Linux. Google on a blog posted Regarding the Chrome update on November 2, he said he was aware of reports that there is an exploit of the particular zero-day vulnerability identified as CVE-2020-16009 in the wild. The update changelog has only a passing mention that the zero-day bug was in V8, an open source JavaScript engine designed for Google Chrome and also used by other Chromium browsers, such as Microsoft Edge and Opera.

The zero-day issue that the latest patch fixes is the second to be seen in the last two weeks and the fourth in the last 12 months. Google last released a security patch on October 20 to fix CVE-2020-15999, a memory corruption bug actively exploited in the FreeType font rendering library within Chrome. A few days after releasing a security patch to fix it, Google revealed on October 30 that the zero-day CVE-2020-15999 was being exploited in conjunction with a Windows zero-day vulnerability identified as CVE-2020-17087. While malicious code was running inside Google Chrome, Windows Zero Day increased the privileges of the code to attack the Windows operating system. Ben Hawkes, the technical lead for Google’s Project Zero, an elite team of bug hunters, has said that Microsoft is is expected to issue a security patch to fix its security flaw on November 10.

While Google’s TAG did not reveal whether the two bugs were being exploited by the same threat actors, it confirmed that the motive for the attackers was not related to the US presidential election.

hashantagari

Leave a Reply

Your email address will not be published. Required fields are marked *