Google patches two new zero‑day flaws in Chrome

Google patches two new zero‑day flaws in Chrome

The last three weeks have seen a bumper crop of patches for zero-day bugs across software from Google, Apple and Microsoft



Google has patched two new zero-day vulnerabilities in its Chrome web browser, bringing to five the number of fixes for actively-exploited bugs in the browser over the past three weeks.


“Google is aware of reports that exploits for CVE-2020-16013 and CVE-2020-16017 exist in the wild,” said Google about the vulnerabilities affecting the browser’s Windows, macOS, and Linux versions. Details about the security loopholes remain sparse, although the tech giant did disclose that both are classified as high-severity and were reported by external researchers who wish to remain anonymous.


One of the flaws (CVE-2020-16013) is caused by inappropriate implementation in the V8 JavaScript engine, whereas the other security hole (CVE-2020-16017) is a use-after-free memory corruption flaw located in Site Isolation, a Chrome security feature that isolates websites into sandboxes, limiting their interaction with one another.


Users would be well advised to update their browsers to the latest version (86.0.4240.198) as soon as practicable. If you have automatic updates enabled, your browser should update by itself. Otherwise, you’ll have to do it manually by navigating to the About Google Chrome section, which can be found under Help in the side menu.


A bumper crop of patches


It’s been an unusually busy season for ..

Support the originator by clicking the read the rest link below.