Google has released patches for two more actively exploited vulnerabilities in Google Chrome. They are the fourth and fifth zero-day security flaws detected in the browser over the past few weeks.
Google fixed these two actively exploited security flaws in Chrome version 86.0.4240.198 for Windows, Mac, and Linux, and users will receive the security updates in the next few days/weeks.
The two security flaws, CVE-2020-16013 and CVE-2020-16017, were not discovered by Google Project Zero; they were discovered by anonymous researchers.
Google is aware that exploits for them exist, but it is not providing any more information until all users have received the patched version of Google Chrome.
- CVE-2020-16017: Use-after-free (post-release memory corruption) vulnerability in the site isolation feature. This flaw was reported to Google by Anonymous on 2020-11-07.
It is also notable that the Chrome zero-day CVE-2020-16009, which was fixed last week, likewise stems from an incorrect implementation in the V8 engine and allows RCE (remote code execution).
For now, Google has not confirmed any details about the two newly patched vulnerabilities, as it first wants to make the patched version of Chrome available to all its users.
Google has recently reported a number of vulnerabilities that are actively exploited by hackers, not only in Chrome but also in Windows, iOS, and macOS.
Although some of them have been combined into a single exploit chain, Google has not yet revealed the names of the cybercriminal groups using them or of the victims.
Since the update is rolling out in stages and may take some time to reach all users, Google strongly recommends that users check for the latest update themselves by clicking the three-dot button in the upper right corner of the browser window > Help > About Google Chrome, to avoid possible cyber attacks.