Google has just released a fix for the second actively exploited Chrome zero-day security flaw in two weeks. CVE-2020-16009 is a v8 bug used for remote code execution,The fix applies to Windows, macOS and Linux.
“Google is aware of reports that an exploit for CVE-2020-16009 exists in the wild,” The Chromium bug entry with more details is locked to all but Chrome developers, as you might expect with a flaw that’s not totally been fixed.
Google fixed a previous, technically unrelated, zero-day flaw two weeks ago (Oct. 20), and related browsers quickly followed suit.
Google revealed a Windows zero-day flaw that was being used in combination with the first Chrome flaw to hijack PCs via malicious websites. It’s not clear if yesterday’s new flaw has anything to do with those attacks.
Most installations of Chrome and Chromium variants will update themselves if you close the browser and then relaunch it again, although not all Chromium variants may yet have released new versions to patch this flaw.
You want to update to version 86.0.4240.183 in Chrome . Although the latter doesn’t have that version ready yet. In Edge, the latest version is 86.0.622.61.