Google squashes two more Chrome bugs under active attacks

The updates come on the heels of news of attacks exploiting another zero-day in Chrome in tandem with a previously unknown Windows flaw



Two weeks after patching an actively exploited vulnerability affecting Chrome for desktop, Google is squashing another zero-day bug in the browser’s versions for Windows, macOS, and Linux, as well as pushing out an update for Chrome for Android that plugs yet another security loophole that is being exploited in the wild.



Today Chrome fixed two more vulnerabilities that were being actively exploited in the wild (discovered by Project Zero/Google TAG last week). CVE-2020-16009 is a v8 bug used for remote code execution, CVE-2020-16010 is a Chrome sandbox escape for Android. https://t.co/IOhFwT0Wx1


— Ben Hawkes (@benhawkes) November 2, 2020


“Google is aware of reports that an exploit for CVE-2020-16009 exists in the wild,” said the tech giant about the newly-disclosed flaw that stems from an inappropriate implementation in the V8 JavaScript engine and impacts the browser’s desktop versions.


The bug, classified as high-severity, was discovered by researchers from Google’s Threat Analysis Group and Project Zero. Details about the vulnerability are very sparse due to Google’s policy that clearly states that “access to bug details and links may be kept restricted until a majority of users are updated with a fix.”

