Security News > 2020 > November > Google patches one more actively exploited Chrome zero-day
2020-11-02 15:13
Google today released Chrome 86.0.4240.183 for Windows, Mac, and Linux to address 10 security vulnerabilities including a remote code execution zero-day exploited in the wild.
Today, Google patched another zero-day in Chrome for Android exploited in the wild, a sandbox escape vulnerability tracked as CVE-2020-16010.
Today Chrome fixed two more vulnerabilities that were being actively exploited in the wild.
CVE-2020-16009 is the second actively exploited Chrome zero-day patched within the last two weeks after a heap buffer overflow zero-day bug found in the FreeType text-rendering library.
Update November 02, 16:52 EST: Added info on actively exploited zero-day in Chrome for Android.
News URL
Related news
- Google fixes Chrome zero-day exploited in espionage campaign (source)
- Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- Google Chrome's AI-powered security feature rolls out to everyone (source)
- Google Chrome disables uBlock Origin for some in Manifest v3 rollout (source)
- Google fixes Android zero-day exploited by Serbian authorities (source)
- Google Cuts Off uBlock Origin on Chrome as Firefox Stands Firm on Ad Blockers (source)
- Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability (source)
- After Chrome patches zero-day used to target Russians, Firefox splats similar bug (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-03 | CVE-2020-16009 | Type Confusion vulnerability in multiple products Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2020-11-03 | CVE-2020-16010 | Out-of-bounds Write vulnerability in Google Chrome Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 8.8 |