Google Chrome Gets Second Patch for Zero-Day Bug in Two Weeks

56
- Advertisement -

Google has began rolling out a new security upgrade for its Chrome browser on desktops. The new patch consists of fixes to a complete of 10 bugs within the browser, together with a zero-day vulnerability — the second to have been observed by Google’s Threat Analysis Group (TAG) that tracks risk actors within the last two weeks. As all the time, Google says that particulars of the bug and hyperlinks will not be revealed until a majority of Chrome customers have put in the upgrade and the vulnerabilities are also fastened in any associated third-party library. A zero-day vulnerability refers to a not too long ago found software program security flaw that would have been already exploited by hackers.

The Google Chrome security patch model 86.0.4240.183 is being launched for techniques operating on Windows, Mac, and Linux. Google in a weblog revealed on the Chrome upgrade on November 2 stated that it was conscious of stories that an exploit of the actual zero-day vulnerability recognized as CVE-2020-16009 exists within the wild. The changelog of the upgrade just has a passing point out that the zero-day bug was in V8 — an open-source JavaScript engine designed for Google Chrome and can also be utilized by different Chromium browsers, similar to Microsoft Edge and Opera.

- Advertisement -

The zero-day problem that the most recent patch fixes is the second to be noticed within the last two weeks and the fourth within the last 12 months. Google had last launched a security patch on October 20 to repair CVE-2020-15999 — an actively exploited reminiscence corruption bug within the FreeType font rendering library inside Chrome. A number of days after releasing a security patch to repair it, Google on October 30 revealed that the zero-day CVE-2020-15999 was being exploited together with a home windows zero-day vulnerability recognized as CVE-2020-17087. While the malicious code was being executed inside Google Chrome, the Windows zero-day was rising the code’s privileges to assault the Windows OS. Ben Hawkes, the technical lead of Google’s Project Zero, an elite crew of bug hunters, has stated that Microsoft is anticipated to problem a security patch to repair their security flaw on November 10.

While Google’s TAG didn’t reveal if the 2 bugs had been being exploited by the similar risk actors, it confirmed that the motive of the attackers was unrelated to the US presidential elections.

Is Mi Notebook 14 series the most effective inexpensive laptop vary for India? We mentioned this on Orbital, our weekly automation podcast, which you’ll be able to subscribe to by way of Apple Podcasts or RSS, obtain the episode, or simply hit the play button below.

Spotify Will Let Artists, Labels, Choose Which Songs to Promote in Radio, Autoplay Related Stories

[Attribution Gadgets360]

- Advertisement -