Security News > 2020 > November > Google fixes more Chrome zero-days exploited in the wild
2020-11-12 13:45
Google has released Chrome 86.0.4240.198 for Windows, Mac, and Linux to address two zero-day vulnerabilities exploited in the wild.
Google Chrome 86.0.4240.198 will roll out over the coming days.
In total, also counting CVE-2020-16013 and CVE-2020-16017, Google has patched five zero-days exploited in the wild since October 20.
With the release of Chrome 86.0.4240.111, the company fixed an actively exploited 0day in the FreeType text rendering library discovered by Google's Project Zero bug-hunting team.
On the same day, Google fixed another zero-day in Chrome for Android, a sandbox escape vulnerability also exploited in the wild.
News URL
Related news
- Google fixes Chrome zero-day exploited in espionage campaign (source)
- Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- Google fixes Android zero-day exploited by Serbian authorities (source)
- Google Cuts Off uBlock Origin on Chrome as Firefox Stands Firm on Ad Blockers (source)
- Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability (source)
- After Chrome patches zero-day used to target Russians, Firefox splats similar bug (source)
- Google fixes Android zero-days exploited in attacks, 60 other flaws (source)
- Google Drops Cookie Prompt in Chrome, Adds IP Protection to Incognito (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-08 | CVE-2020-16013 | Out-of-bounds Write vulnerability in Google Chrome Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2021-01-08 | CVE-2020-16017 | Use After Free vulnerability in Google Chrome Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |