December 3, 2023

Google has just released a fix for the second actively exploited Chrome zero-day security flaw in two weeks. CVE-2020-16009 is a v8 bug used for remote code execution,The fix applies to Windows, macOS and Linux.

“Google is aware of reports that an exploit for CVE-2020-16009 exists in the wild,” The Chromium bug entry with more details is locked to all but Chrome developers, as you might expect with a flaw that’s not totally been fixed.

Google fixed a previous, technically unrelated, zero-day flaw two weeks ago (Oct. 20), and related browsers quickly followed suit.

Google revealed a Windows zero-day flaw that was being used in combination with the first Chrome flaw to hijack PCs via malicious websites. It’s not clear if yesterday’s new flaw has anything to do with those attacks.

Most installations of Chrome and Chromium variants will update themselves if you close the browser and then relaunch it again, although not all Chromium variants may yet have released new versions to patch this flaw.

You want to update to version 86.0.4240.183 in Chrome . Although the latter doesn’t have that version ready yet. In Edge, the latest version is 86.0.622.61.

Tags:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Post

Chrome Tailgates IE fix 0 Day

June 10, 2021

Google now let you Untrusted Extension

June 6, 2021

You may have missed

TheCyberThrone CyberSecurity Newsletter Top 5 Articles – November, 2023

December 2, 2023

Staples affected by a Cyber Attack

December 2, 2023

CISA KEV Update Part I – December 2023

December 1, 2023 2

Dollar Tree Affected by a Third Party Breach

December 1, 2023

Apple Patches iOS zerodays – CVE-2023-42916 and CVE-2023-42917

December 1, 2023

TheCyberThrone Security Week In Review – November 25, 2023

November 30, 2023
%d bloggers like this: