Two New Chrome 0-Days Under Active Attacks – Update Your Browser
Google has patched two more zero-day flaws in the Chrome web browser for desktop, making them the fourth and fifth actively exploited vulnerabilities addressed by the search giant in recent weeks.
Tracked as CVE-2020-16013 and CVE-2020-16017, the flaws were discovered and reported to Google by "Anonymous" sources, unlike previous cases, which were uncovered by the company's Project Zero elite security team.
It's not immediately clear if the two flaws are related.
Over the last week, Google disclosed a number of actively exploited zero-day flaws targeting Chrome, Windows, and Apple's iOS and macOS. While it appears that some of these issues were strung together to form an exploit chain, the company has yet to reveal key details about who may have been using them and who the intended targets were.
It's advised that users update their devices to the latest Chrome version to mitigate the risk associated with the two flaws.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/-X8FCvCINVo/two-new-chrome-0-days-under-active.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-01-08 | CVE-2020-16013 | Out-of-bounds Write vulnerability in Google Chrome. Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2021-01-08 | CVE-2020-16017 | Use After Free vulnerability in Google Chrome. Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |