Security News > 2020 > November > Google patches one more actively exploited Chrome zero-day
2020-11-02 15:13
Google today released Chrome 86.0.4240.183 for Windows, Mac, and Linux to address 10 security vulnerabilities including a remote code execution zero-day exploited in the wild.
Today, Google patched another zero-day in Chrome for Android exploited in the wild, a sandbox escape vulnerability tracked as CVE-2020-16010.
Today Chrome fixed two more vulnerabilities that were being actively exploited in the wild.
CVE-2020-16009 is the second actively exploited Chrome zero-day patched within the last two weeks after a heap buffer overflow zero-day bug found in the FreeType text-rendering library.
Update November 02, 16:52 EST: Added info on actively exploited zero-day in Chrome for Android.
News URL
Related news
- Google fixes ninth Chrome zero-day exploited in attacks this year (source)
- Google fixes ninth Chrome zero-day tagged as exploited this year (source)
- Google tags a tenth Chrome zero-day as exploited this year (source)
- Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild (source)
- New Chrome zero-day actively exploited, patch quickly! (CVE-2024-7971) (source)
- Week in review: PostgreSQL databases under attack, new Chrome zero-day actively exploited (source)
- Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation (source)
- Google increases Chrome bug bounty rewards up to $250,000 (source)
- North Korean hackers exploit Chrome zero-day to deploy rootkit (source)
- North Korean Hackers Deploy FudModule Rootkit via Chrome Zero-Day Exploit (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-03 | CVE-2020-16009 | Type Confusion vulnerability in multiple products Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2020-11-03 | CVE-2020-16010 | Out-of-bounds Write vulnerability in Google Chrome Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 8.8 |