Security News > 2020 > November > Google Patches Actively Exploited Chrome Vulnerabilities
2020-11-03 14:35
Google has released updates to address multiple vulnerabilities in the Chrome browser, including two that are actively exploited in attacks.
Less than two weeks ago, Google released patches for other high-severity flaws in Chrome, including CVE-2020-15999, an actively exploited zero-day in FreeType.
This week, Google also announced the availability of a patch for CVE-2020-16010, a high-severity flaw impacting Chrome for Android, which has also been exploited in the wild.
Google Project Zero's Ben Hawkes noted on Twitter that both vulnerabilities were identified last week.
The company did not provide details on the amount paid for CVE-2020-16008 and notes that no bounty was awarded for the two actively exploited flaws.
News URL
Related news
- Google fixes ninth Chrome zero-day exploited in attacks this year (source)
- Google fixes ninth Chrome zero-day tagged as exploited this year (source)
- Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild (source)
- Google tags a tenth Chrome zero-day as exploited this year (source)
- Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation (source)
- Google increases Chrome bug bounty rewards up to $250,000 (source)
- Google Chrome gets a mind of its own for some security fixes (source)
- Google Chrome Switches to ML-KEM for Post-Quantum Cryptography Defense (source)
- Chrome Users Can Now Sync Passkeys Across Devices with New Google PIN Feature (source)
- New Google Chrome feature will translate complex pages in real time (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-03 | CVE-2020-15999 | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 6.5 |
| 2020-11-03 | CVE-2020-16008 | Out-of-bounds Write vulnerability in multiple products Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet. | 8.8 |
| 2020-11-03 | CVE-2020-16010 | Out-of-bounds Write vulnerability in Google Chrome Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 8.8 |