Two New Chrome 0-Days Under Active Attacks – Update Your Browser
2020-11-11 19:36

Google has patched two more zero-day flaws in the Chrome web browser for desktop, making them the fourth and fifth actively exploited vulnerabilities addressed by the search giant in recent weeks.

Tracked as CVE-2020-16013 and CVE-2020-16017, the flaws were discovered and reported to Google by "Anonymous" sources, unlike previous cases, which were uncovered by the company's Project Zero elite security team.

It's not immediately clear if the two flaws are related.

Over the last week, Google disclosed a number of actively exploited zero-day flaws targeting Chrome, Windows, and Apple's iOS and macOS. While it appears that some of these issues were strung together to form an exploit chain, the company has yet to reveal key details about who may have been using them and who the intended targets were.

It's advised that users update their devices to the latest Chrome version to mitigate the risk associated with the two flaws.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/-X8FCvCINVo/two-new-chrome-0-days-under-active.html

Related Vulnerability

CVE: CVE-2020-16013
Date: 2021-01-08
Vulnerability title: Out-of-bounds Write vulnerability in Google Chrome
Description: Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Attack vector: network
Attack complexity: low
Vendor: google
Weakness: CWE-787
Risk: 8.8

CVE: CVE-2020-16017
Date: 2021-01-08
Vulnerability title: Use After Free vulnerability in Google Chrome
Description: Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Attack vector: network
Attack complexity: low
Vendor: google
Weakness: CWE-416
Risk: critical, 9.6