Google Patches Actively Exploited Chrome Vulnerabilities

Google has released updates to address multiple vulnerabilities in the Chrome browser, including two that are actively exploited in attacks.
Less than two weeks ago, Google released patches for other high-severity flaws in Chrome, including CVE-2020-15999, an actively exploited zero-day in FreeType.
This week, Google also announced the availability of a patch for CVE-2020-16010, a high-severity flaw impacting Chrome for Android, which has also been exploited in the wild.
Google Project Zero's Ben Hawkes noted on Twitter that both vulnerabilities were identified last week.
The company did not provide details on the amount paid for CVE-2020-16008 and noted that no bounty was awarded for the two actively exploited flaws.
Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-11-03 | CVE-2020-15999 | Out-of-bounds Write vulnerability in multiple products. Heap buffer overflow in FreeType in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 9.6 |
2020-11-03 | CVE-2020-16008 | Out-of-bounds Write vulnerability in multiple products. Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet. | 8.8 |
2020-11-03 | CVE-2020-16010 | Out-of-bounds Write vulnerability in Google Chrome. Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 8.8 |