Security News > 2020 > October > Chrome zero-day in the wild – patch now!
A trip to the About Chrome or About Chromium dialog should give the version identifier 86.0.4240.111.
If you're in the habit of rarely shutting down your computer, or even of rarely exiting from your browser, now would be a good "Rare moment" to give Chrome a chance to ingest the update.
The reason for making sure you've got this particular update is not only that five security bugs have been patched, including one buffer overflow and three use-after-free vulnerabilities, but also that one of these bugs, designated CVE-2020-15999, is already known to attackers.
Even though an attack is already known in the wild, Google has included its customary notification that the update will "Roll out over the coming days/weeks", presumably because some Chrome users are dependent on their vendor to push out fixes.
Worse still, for Chrome on Android, Google Play says simply that the current version number "Varies with device."
News URL
https://nakedsecurity.sophos.com/2020/10/21/chrome-zero-day-in-the-wild-patch-now/
Related news
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- New Windows zero-day leaks NTLM hashes, gets unofficial patch (source)
- Google fixes Chrome zero-day exploited in espionage campaign (source)
- Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) (source)
- Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability (source)
- After Chrome patches zero-day used to target Russians, Firefox splats similar bug (source)
- Chrome to patch decades-old flaw that let sites peek at your history (source)
- Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws (source)
- Patch Tuesday: Microsoft Fixes 134 Vulnerabilities, Including 1 Zero-Day (source)
- Emergency patch for potential SAP zero-day that could grant full system control (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-03 | CVE-2020-15999 | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 9.6 |