Security News > 2020 > November > 2 More Google Chrome Zero-Days Under Active Exploitation
Google is asking Chrome desktop users to prepare to update their browsers once again as two more zero-day vulnerabilities have been identified in the software.
CVE-2020-16017 is described by Google as a "Use-after-free in site isolation," which is the Chrome component that isolates the data of different sites from each other.
The latest spate of Chrome zero-day discoveries and patches started on Oct. 19, when security researcher Sergei Glazunov of Google Project Zero discovered a type of memory-corruption flaw called a heap-buffer overflow in FreeType that was being actively exploited.
Google patched two separate zero-day flaws in Google's Chrome desktop and Android-based browsers.
The desktop bug is the aforementioned V8 vulnerability, which could be used for remote code-execution discovered by researchers at Google's Threat Analysis Group and Google Project Zero.
News URL
https://threatpost.com/2-zero-day-bugs-google-chrome/161160/
Related news
- Google Chrome’s AI feature lets you quickly check website trustworthiness (source)
- Google Chrome uses AI to analyze pages in new scam detection feature (source)
- New details reveal how hackers hijacked 35 Google Chrome extensions (source)
- Google Chrome is making it easier to share specific parts of long PDFs (source)
- Google says new scam protection feature in Chrome uses AI (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-01-08 | CVE-2020-16017 | Use After Free vulnerability in Google Chrome Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |