Users of desktop Google Chrome will once again get a security update for their browsers, as 2 new Chrome zero-day vulnerabilities have been identified. These zero-days could allow an unauthenticated attacker to compromise the user's system via the web, and according to Google they are under active exploitation.
A stable update for the two zero-days will be rolled out within a few days/weeks. The vulnerabilities are tracked as CVE-2020-16013 and CVE-2020-16017.
"The stable channel has been updated to 86.0.4240.198 for Windows, Mac & Linux which will roll out over the coming days/weeks," Prudhvikumar Bommana said in a blog post.
Both vulnerabilities are marked as high severity, with a rating of 8.4 out of 10 on the CVSS bug-severity scale.
CVE-2020-16013 was due to an incorrect implementation in V8 in Google Chrome that could allow an attacker to trick the victim into visiting a specially crafted web page and compromise their system. CVE-2020-16017 was due to a use-after-free error within the site isolation component in Google Chrome. A remote attacker can trick a victim into visiting a specially crafted web page that triggers the use-after-free error and execute arbitrary code on the target system.
Last week Google patched two more zero-day vulnerabilities in Google's Chrome desktop and Android-based browsers that were discovered by researchers at Google's Threat Analysis Group and Google Project Zero.
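Because the update rolls out over days or weeks, it helps to check which machines have actually reached the fixed build 86.0.4240.198. The following is an added example, not code from Google or the original article: it triages a constructed `host,version` inventory, and it assumes every host is on the stable channel, so a numerically later build includes the fix. The host names and the inventory format are hypothetical.

```python
import re

# Fixed stable build named in the article for Windows, Mac and Linux.
FIXED_BUILD = (86, 0, 4240, 198)

# Constructed sample inventory (host, reported Chrome version); not real data.
SAMPLE_INVENTORY = """\
ws-001,86.0.4240.198
ws-002,86.0.4240.183
ws-003,86.0.4240.99
ws-004,unknown
ws-005,85.0.4183.121
"""

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")


def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not a Chrome version."""
    m = _VERSION_RE.match(text.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def classify(version_text, fixed=FIXED_BUILD):
    """Return 'patched', 'needs-update' or 'unknown' for one reported version."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # unverified hosts are not counted as safe
    # Compare numerically field by field: as strings, "99" sorts after "198".
    # Assumption: stable channel only, so a later build carries the fix.
    return "patched" if version >= fixed else "needs-update"


def triage(inventory_csv):
    """Map each host in 'host,version' lines to its classification."""
    result = {}
    for line in inventory_csv.splitlines():
        if not line.strip():
            continue
        host, _, version_text = line.partition(",")
        result[host.strip()] = classify(version_text)
    return result


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` should be followed up manually rather than assumed patched.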