Security News > 2020 > October > Chrome zero-day in the wild – patch now!
A trip to the About Chrome or About Chromium dialog should give the version identifier 86.0.4240.111.
If you're in the habit of rarely shutting down your computer, or even of rarely exiting from your browser, now would be a good "Rare moment" to give Chrome a chance to ingest the update.
The reason for making sure you've got this particular update is not only that five security bugs have been patched, including one buffer overflow and three use-after-free vulnerabilities, but also that one of these bugs, designated CVE-2020-15999, is already known to attackers.
Even though an attack is already known in the wild, Google has included its customary notification that the update will "Roll out over the coming days/weeks", presumably because some Chrome users are dependent on their vendor to push out fixes.
Worse still, for Chrome on Android, Google Play says simply that the current version number "Varies with device."
News URL
https://nakedsecurity.sophos.com/2020/10/21/chrome-zero-day-in-the-wild-patch-now/
Related news
- Week in review: Exploited Ivanti Connect Secure zero-day, Patch Tuesday forecast (source)
- Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws (source)
- Patch procrastination leaves 50,000 Fortinet firewalls vulnerable to zero-day (source)
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws (source)
- Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-03 | CVE-2020-15999 | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 9.6 |