قالب وردپرس درنا توس
Home / Technology / Google patched Chrome zero-day for a second two weeks

Google patched Chrome zero-day for a second two weeks



Chrome browser

Image: Google

Google released a security update today for its Chrome web browser, a ten-piece security fix, including a zero-day vulnerability that is currently actively exploited.

Identified as CVE-2020-1

6009The zero-day was discovered by the Google Threat Analysis Team (TAG), a security team at Google that keeps track of threat actors and their ongoing activities.

In typical Google fashion, the zero-day details and bug exploits have not been made public – as a way to give Chrome users more time to install updates and stop them. Other threat multipliers develop their own exploits for the same zero-day.

However, in a short change announced today, Google said the zero-day is in V8, the Chrome component that processes the JavaScript code.

Chrome users should update their browser to version 86.0.4240.183 or higher.

No second day for two weeks

This is the second Chrome zero-day that Google has discovered exploited in the wild in the past two weeks.

On October 20, Google also released a security update for Chrome to fix the bug CVE-2020-15999, a date is not in Chrome’s FreeType font rendering library.

As Google revealed last week on Friday, this Chrome zero-day is already in use alongside Windows zero-day (CVE-2020-17087).

Chrome zero-day is used to execute malicious code within Chrome, while Windows zero-day is used to elevate code privileges and attack the underlying Windows operating system. Microsoft is expected to fix this zero-day on November 10, in the company’s next Tuesday patch release.

Google doesn’t make it clear whether these two zero days have been abused by the same threat agent.


Source link