Security News > 2020 > November > Another Chrome zero-day, this time on Android – check your version!

Another Chrome zero-day, this time on Android – check your version!
2020-11-04 18:56

We advised everyone to look for a Chrome or Chromium version number ending in.111, given that the previous mainstream version turned out to include a buffer overflow bug that was already known to cybercriminals.

The ultimate sort of crack - the gold-medal-with-a-laurel-wreath version - was one that came out with a zero-day delay, where the game and its revenue-busting crack appeared on the very same day.

Well, the bad news is that there's another vital update to Chrome, which means that users on Windows, Linux and Mac should now be looking for a version number of 86.0.4240.183, not for 86.0.4240.111.

On Android, things are worse, and the version you need is 86.0.4240.185, because the Android patches include a fix for an additional bug, dubbed CVE-2020-16010, that is apparently unique to the Android version of Chrome.

As usual, despite what sounds like a serious problem in the standard Android browser, Google can offer little more by way of consolation than its usual disclaimer that the new version will "Become available on Google Play over the next few weeks."


News URL

https://nakedsecurity.sophos.com/2020/11/04/another-chrome-zero-day-this-time-on-android-check-your-version/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-11-03 CVE-2020-16010 Out-of-bounds Write vulnerability in Google Chrome
Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google CWE-787
8.8