Google Chrome Gets Second Security Patch for Critical Zero-Day Bug in Two Weeks

Google has began rolling out a brand new safety replace for its Chrome browser on desktops. The new patch contains fixes to a complete of 10 bugs in the browser, together with a zero-day vulnerability — the second to have been seen by Google’s Threat Analysis Group (TAG) that tracks menace actors in the final two weeks. As at all times, Google says that particulars of the bug and hyperlinks will not be revealed until a majority of Chrome customers have put in the replace and the vulnerabilities are additionally fastened in any associated third-party library. A zero-day vulnerability refers to a not too long ago found software program safety flaw that might have been already exploited by hackers.

The Google Chrome safety patch model 86.0.4240.183 is being launched for techniques working on Windows, Mac, and Linux. Google in a blog published on the Chrome replace on November 2 stated that it was conscious of experiences that an exploit of the actual zero-day vulnerability recognized as CVE-2020-16009 exists in the wild. The changelog of the replace solely has a passing point out that the zero-day bug was in V8 — an open-source JavaScript engine designed for Google Chrome and can also be utilized by different Chromium browsers, equivalent to Microsoft Edge and Opera.

The zero-day problem that the most recent patch fixes is the second to be spotted in the final two weeks and the fourth in the final 12 months. Google had final launched a safety patch on October 20 to repair CVE-2020-15999 — an actively exploited reminiscence corruption bug in the FreeType font rendering library inside Chrome. A couple of days after releasing a safety patch to repair it, Google on October 30 revealed that the zero-day CVE-2020-15999 was being exploited in conjunction with a home windows zero-day vulnerability recognized as CVE-2020-17087. While the malicious code was being executed inside Google Chrome, the Windows zero-day was growing the code’s privileges to assault the Windows OS. Ben Hawkes, the technical lead of Google’s Project Zero, an elite group of bug hunters, has stated that Microsoft is expected to issue a safety patch to repair their safety flaw on November 10.

While Google’s TAG didn’t reveal if the 2 bugs have been being exploited by the identical menace actors, it confirmed that the motive of the attackers was unrelated to the US presidential elections.


Is Mi Notebook 14 sequence the most effective reasonably priced laptop computer vary for India? We mentioned this on Orbital, our weekly expertise podcast, which you’ll subscribe to by way of Apple Podcasts or RSS, download the episode, or simply hit the play button beneath.

For the most recent tech news and reviews, observe Gadgets 360 on Twitter, Facebook, and Google News. For the most recent movies on devices and tech, subscribe to our YouTube channel.

Veer Arjun Singh

Spotify Will Let Artists, Labels, Choose Which Songs to Promote in Radio, Autoplay

Related Stories





Source link

About The Author