
Google Chrome Gets 2nd Security Patch

Google has begun releasing the latest security update for its Chrome browser on desktops. The patch fixes a total of ten bugs in the browser, including a 0-day vulnerability that is the 2nd in the previous 2 weeks to have been seen by Google's Threat Analysis Group (TAG), which tracks threat actors. As always, Google has said that bug details and links will not be disclosed until most Chrome users have updated and the vulnerabilities are also fixed in any related 3rd-party library. A 0-day vulnerability is a recently discovered software security flaw that may already have been exploited by hackers.

Google Chrome version 86.0.4240.183, which carries the security patch, is being rolled out for Windows, Mac, and Linux. In a blog post on the Chrome update published on 2nd November, the company said it was aware of reports that an exploit for the 0-day vulnerability, tracked as CVE-2020-16009, exists in the wild. The update's changelog mentions only in passing that the 0-day bug was in V8, the open-source JavaScript engine built for Google Chrome and also used by other Chromium-based browsers such as Microsoft Edge and Opera.

 


The 0-day that the newest patch fixes is the 2nd to be seen in the previous 2 weeks and the 4th in the last year. The search giant last rolled out a security patch on 20th October to fix CVE-2020-15999, an actively exploited memory corruption bug in the FreeType font rendering library inside Chrome. A few days after that patch was released, Google disclosed on 30th October that the 0-day CVE-2020-15999 was being exploited in combination with a Windows 0-day vulnerability tracked as CVE-2020-17087. The malicious code was executed within Google Chrome, while the Windows 0-day escalated that code's privileges to attack the Windows operating system. The technical lead of Google's Project Zero, a leading team of bug hunters, has said that Microsoft is expected to publish a security patch for its flaw on 10th November.

While Google's TAG has not disclosed whether the 2 bugs were being exploited by the same threat actors, it confirmed that the attackers' motive was unconnected to the United States presidential elections.