Security News > 2020 > November > Google fixes two actively exploited Chrome zero-days (CVE-2020-16009, CVE-2020-16010)

Google fixes two actively exploited Chrome zero-days (CVE-2020-16009, CVE-2020-16010)
2020-11-04 12:03

For the third time in two weeks, Google has patched Chrome zero-day vulnerabilities that are being actively exploited in the wild: CVE-2020-16009 is present in the desktop version of the browser, CVE-2020-16010 in the mobile version.

The former was found and reported by Clement Lecigne of Google's Threat Analysis Group and Samuel Groß of Google Project Zero, the latter by Maddie Stone, Mark Brand, and Sergei Glazunov of Google Project Zero.

The company did not say whether these Chrome zero-days and the one fixed two weeks ago - which is exploited in conjunction with CVE-2020-17087, a Windows kernel zero-day - are being leveraged by the same attackers.

Chrome version 86.0.4240.183 for Windows, macOS and Linux is the latest stable version that contains fixes for CVE-2020-16009 and nine additional vulnerabilities.

Chrome v86.0.4240.185 for Android contains all the aforementioned fixes plus the one for CVE-2020-16010.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/2g4pq1D6qsA/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-11-11 CVE-2020-17087 Incorrect Calculation of Buffer Size vulnerability in Microsoft products
Windows Kernel Local Elevation of Privilege Vulnerability
0.0
2020-11-03 CVE-2020-16009 Type Confusion vulnerability in multiple products
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8
2020-11-03 CVE-2020-16010 Out-of-bounds Write vulnerability in Google Chrome
Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google CWE-787
8.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 102 256 4320 4678 741 9995