2 More Google Chrome Zero-Days Under Active Exploitation

Google is asking Chrome desktop users to prepare to update their browsers once again as two more zero-day vulnerabilities have been identified in the software.
CVE-2020-16017 is described by Google as a "Use-after-free in site isolation," which is the Chrome component that isolates the data of different sites from each other.
The latest spate of Chrome zero-day discoveries and patches started on Oct. 19, when security researcher Sergei Glazunov of Google Project Zero discovered a type of memory-corruption flaw called a heap-buffer overflow in FreeType that was being actively exploited.
Google patched two separate zero-day flaws in Google's Chrome desktop and Android-based browsers.
The desktop bug is the aforementioned V8 vulnerability, which could be used for remote code execution and was discovered by researchers at Google's Threat Analysis Group and Google Project Zero.
News URL
https://threatpost.com/2-zero-day-bugs-google-chrome/161160/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-01-08 | CVE-2020-16017 | Use After Free vulnerability in Google Chrome: Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |