If you're an update laggard, buck up: Chrome zero-days are being exploited in the wild
2020-11-04 20:15

Patch Google Chrome with the latest updates - if you don't, you're vulnerable to a zero-day that is actively being exploited, the US Cybersecurity and Infrastructure Security Agency has warned.

Criminals are targeting users of Chrome with outdated installations, CISA said in an advisory note urging folk to update their browsers immediately.

"Google has released Chrome version 86.0.4240.183 for Windows, Mac, and Linux addressing multiple vulnerabilities, including vulnerability CVE-2020-16009. Exploit code for this vulnerability exists in the wild," said the agency in a statement.

The vuln affects the desktop version of Chrome and is a remote code execution bug publicly uncovered by Google's Project Zero infosec bods.

Separate patches for the Android version of Chrome fix a similar actively exploited vuln tracked as CVE-2020-16010, explained only as a "Heap buffer overflow in UI on Android".


News URL

https://go.theregister.com/feed/www.theregister.com/2020/11/04/google_chrome_critical_updates/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2020-11-03 | CVE-2020-16009 | Type Confusion vulnerability in multiple products | 8.8
2020-11-03 | CVE-2020-16010 | Out-of-bounds Write vulnerability in Google Chrome | 8.8

CVE-2020-16009: Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2020-16010: Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (network, low complexity, google, CWE-787)