Security News

Google's Project Zero has discovered and published a buffer overflow vulnerability in the Windows Kernel Cryptography Driver. Attackers were combining an exploit for it with a separate one targeting a recently fixed flaw in Chrome.

Google today released Chrome 86.0.4240.183 for Windows, Mac, and Linux to address 10 security vulnerabilities including a remote code execution zero-day exploited in the wild. Today, Google patched another zero-day in Chrome for Android exploited in the wild, a sandbox escape vulnerability tracked as CVE-2020-16010.

A high-severity Windows driver bug is being exploited in the wild as a zero-day. The security vulnerability was disclosed by Google Project Zero just seven days after it was reported, since cybercriminals are already exploiting it, according to researchers.

Google researchers have made public a Windows kernel zero day vulnerability that is being exploited in the wild in tandem with a Google Chrome flaw that has been patched on October 20. CVE-2020-17087 is a vulnerability in the Windows Kernel Cryptography Driver, and "Constitutes a locally accessible attack surface that can be exploited for privilege escalation."

Google has disclosed details of a new zero-day privilege escalation flaw in the Windows operating system that's being actively exploited in the wild. The elevation of privileges vulnerability, tracked as CVE-2020-17087, concerns a buffer overflow present since at least Windows 7 in the Windows Kernel Cryptography Driver that can be exploited for a sandbox escape.

Project Zero, Google's 0day bug-hunting team, today disclosed a zero-day elevation of privileges vulnerability found in the Windows kernel and actively exploited in targeted attacks. The Windows kernel bug zero-day can be exploited by local attackers for privilege escalation according to Project Zero security researchers Mateusz Jurczyk and Sergei Glazunov.

A trip to the About Chrome or About Chromium dialog should give the version identifier 86.0.4240.111. If you're in the habit of rarely shutting down your computer, or even of rarely exiting from your browser, now would be a good "Rare moment" to give Chrome a chance to ingest the update.

Google released an update to its Chrome browser that patches a zero-day vulnerability in the software's FreeType font rendering library that was actively being exploited in the wild. Security researcher Sergei Glazunov of Google Project Zero discovered the bug which is classified as a type of memory-corruption flaw called a heap buffer overflow in FreeType.

Google has released Chrome 86.0.4240.111 today, October 20th, 2020, to the Stable desktop channel to address five security vulnerabilities, one of them an actively exploited zero-day bug. "Google is aware of reports that an exploit for CVE-2020-15999 exists in the wild," the Google Chrome 86.0.4240.111 announcement reads.

A new Mirai-based botnet is targeting zero-day vulnerabilities in Tenda routers, according to researchers at 360 Netlab, a unit of Chinese cybersecurity company Qihoo 360. In order to circumvent detection of typical traffic generated by Mirai botnets, Ttint uses the WSS protocol for communication with the command and control server, and also uses encryption.