2 New Chrome Zero-Day Vulnerabilities Under Active Attacks – Update Your Browser Now

Recently, Google has released two new patches for two new actively exploited vulnerabilities in Google Chrome. And it’s the fourth and fifth zero-day security flaws detected in the browser over the past few weeks. 

Google fixed these two actively exploited security flaws in Chrome version 86.0.4240.198 for Windows, Mac, and Linux; And users will receive the security updates in the next few days/weeks.

Apart from this, these two security flaws, “CVE-2020-16013 and CVE-2020-16017,” were not discovered by Google Project Zero, as they were discovered by anonymous researchers. 

However, Google is aware of the existence of these exploits for them but didn’t provide any more information until all the users receive the patched version of Google Chrome.

Flaws Detected

  • CVE-2020-16013: Improper implementation in the V8 engine for JavaScript rendering. This flaw is reported by Anonymous to Google on 2020-11-09.
  • CVE-2020-16017: Post-Release Memory Corruption Vulnerability in Site Isolation Function. This flaw is reported by Anonymous to Google on 2020-11-07.

Moreover, it’s remarkable that the zero-day vulnerability in Chrome “CVE-2020-16009,” which was fixed last week, also endures due to an incorrect implementation of the V8 engine and allows RCE (Remote Code Execution). 

But, for now, Google has not yet confirmed any details about these two vulnerabilities that were recently patched, as first, they want to make available the patched version of Chrome for all its users.

While recently, Google has reported a number of vulnerabilities that are actively exploited by hackers, not only in Chrome but also in Windows, iOS, and macOS. 

Although some of them have been merged into a single chain of exploits but, Google has not yet revealed the name of cybercriminal groups using them or the victims. 

Since the update is rolling out in stages and may take some time to reach all users, in the meantime, Google has strongly recommended all its users to check for the latest update by clicking the three-dot button in the upper right corner of the browser window > Help > About Google Chrome, to avoid possible cyber attacks.

Also Read: Google Alternatives 2020 – 10 Best Search Engines That You Can Use Instead of Google

You can follow us on LinkedinTwitterFacebook for daily Cyber security and hacking news updates.

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.