Security News > 2020 > November > Another Chrome zero-day, this time on Android – check your version!
We advised everyone to look for a Chrome or Chromium version number ending in.111, given that the previous mainstream version turned out to include a buffer overflow bug that was already known to cybercriminals.
The ultimate sort of crack - the gold-medal-with-a-laurel-wreath version - was one that came out with a zero-day delay, where the game and its revenue-busting crack appeared on the very same day.
Well, the bad news is that there's another vital update to Chrome, which means that users on Windows, Linux and Mac should now be looking for a version number of 86.0.4240.183, not for 86.0.4240.111.
On Android, things are worse, and the version you need is 86.0.4240.185, because the Android patches include a fix for an additional bug, dubbed CVE-2020-16010, that is apparently unique to the Android version of Chrome.
As usual, despite what sounds like a serious problem in the standard Android browser, Google can offer little more by way of consolation than its usual disclaimer that the new version will "Become available on Google Play over the next few weeks."
News URL
Related news
- Chrome will redact credit cards, passwords when you share Android screen (source)
- Google fixes ninth Chrome zero-day exploited in attacks this year (source)
- Google fixes ninth Chrome zero-day tagged as exploited this year (source)
- New Chrome zero-day actively exploited, patch quickly! (CVE-2024-7971) (source)
- Week in review: PostgreSQL databases under attack, new Chrome zero-day actively exploited (source)
- Google tags a tenth Chrome zero-day as exploited this year (source)
- North Korean hackers exploit Chrome zero-day to deploy rootkit (source)
- North Korean Hackers Deploy FudModule Rootkit via Chrome Zero-Day Exploit (source)
- New Chrome Zero-Day (source)
- New Octo Android malware version impersonates NordVPN, Google Chrome (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-03 | CVE-2020-16010 | Out-of-bounds Write vulnerability in Google Chrome Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 8.8 |