Google patches one more actively exploited Chrome zero-day

Google today released Chrome 86.0.4240.183 for Windows, Mac, and Linux to address 10 security vulnerabilities including a remote code execution zero-day exploited in the wild.
Today, Google patched another zero-day in Chrome for Android exploited in the wild, a sandbox escape vulnerability tracked as CVE-2020-16010.
Today Chrome fixed two more vulnerabilities that were being actively exploited in the wild.
CVE-2020-16009 is the second actively exploited Chrome zero-day patched within the last two weeks after a heap buffer overflow zero-day bug found in the FreeType text-rendering library.
Update November 02, 16:52 EST: Added info on actively exploited zero-day in Chrome for Android.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-11-03 | CVE-2020-16009 | Type Confusion vulnerability in multiple products. Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2020-11-03 | CVE-2020-16010 | Out-of-bounds Write vulnerability in Google Chrome. Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 8.8 |