Security News > 2020 > October > Chrome zero-day in the wild – patch now!
A trip to the About Chrome or About Chromium dialog should give the version identifier 86.0.4240.111.
If you're in the habit of rarely shutting down your computer, or even of rarely exiting from your browser, now would be a good "Rare moment" to give Chrome a chance to ingest the update.
The reason for making sure you've got this particular update is not only that five security bugs have been patched, including one buffer overflow and three use-after-free vulnerabilities, but also that one of these bugs, designated CVE-2020-15999, is already known to attackers.
Even though an attack is already known in the wild, Google has included its customary notification that the update will "Roll out over the coming days/weeks", presumably because some Chrome users are dependent on their vendor to push out fixes.
Worse still, for Chrome on Android, Google Play says simply that the current version number "Varies with device."
News URL
https://nakedsecurity.sophos.com/2020/10/21/chrome-zero-day-in-the-wild-patch-now/
Related news
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)
- New Windows zero-day exposes NTLM credentials, gets unofficial patch (source)
- Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws (source)
- Week in review: Exploited Ivanti Connect Secure zero-day, Patch Tuesday forecast (source)
- Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-03 | CVE-2020-15999 | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 6.5 |