Security News > 2020 > October > Chrome zero-day in the wild – patch now!
A trip to the About Chrome or About Chromium dialog should give the version identifier 86.0.4240.111.
If you're in the habit of rarely shutting down your computer, or even of rarely exiting from your browser, now would be a good "Rare moment" to give Chrome a chance to ingest the update.
The reason for making sure you've got this particular update is not only that five security bugs have been patched, including one buffer overflow and three use-after-free vulnerabilities, but also that one of these bugs, designated CVE-2020-15999, is already known to attackers.
Even though an attack is already known in the wild, Google has included its customary notification that the update will "Roll out over the coming days/weeks", presumably because some Chrome users are dependent on their vendor to push out fixes.
Worse still, for Chrome on Android, Google Play says simply that the current version number "Varies with device."
News URL
https://nakedsecurity.sophos.com/2020/10/21/chrome-zero-day-in-the-wild-patch-now/
Related news
- New Chrome zero-day actively exploited, patch quickly! (CVE-2024-7971) (source)
- Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited (source)
- Google fixes ninth Chrome zero-day exploited in attacks this year (source)
- Google fixes ninth Chrome zero-day tagged as exploited this year (source)
- Week in review: PostgreSQL databases under attack, new Chrome zero-day actively exploited (source)
- Google tags a tenth Chrome zero-day as exploited this year (source)
- North Korean hackers exploit Chrome zero-day to deploy rootkit (source)
- North Korean Hackers Deploy FudModule Rootkit via Chrome Zero-Day Exploit (source)
- New Chrome Zero-Day (source)
- Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-03 | CVE-2020-15999 | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 6.5 |