Google has patched a second actively exploited zero-day flaw in the Chrome browser in two weeks, along with addressing nine other security vulnerabilities in its latest update.
The company released 86.0.4240.183 for Windows, Mac, and Linux, which it said will be rolling out over the coming days/weeks to all users.
The zero-day flaw, tracked as CVE-2020-16009, was reported by Clement Lecigne of Google’s Threat Analysis Group (TAG) and Samuel Groß of Google Project Zero on October 29.
The company also warned that it “is aware of reports that an exploit for CVE-2020-16009 exists in the wild.”
Google hasn’t made any details about the bug or the exploit used by threat actors public so as to allow a majority of users to install the updates and prevent other adversaries from developing their own exploits leveraging the flaw.
But Ben Hawkes, Google Project Zero’s technical lead, said CVE-2020-16009 concerned an “inappropriate implementation” of its V8 JavaScript rendering engine leading to remote code execution.
Aside from the ten security fixes for the desktop version of Chrome, Google has also addressed a separate zero-day in Chrome for Android that was being exploited in the wild…
http://feedproxy.google.com/~r/TheHackersNews/~3/tywlDpg-pVc/new-chrome-zero-day-under-active.html