Google has addressed two zero-day vulnerabilities, actively exploited in the wild, addresses in the release of Chrome version 86.0.4240.198.
Tracked as CVE-2020-16013 and CVE-2020-16017, were reported by anonymous sources. Google experts did not disclose the way the flaws have been exploited in the attacks.
The CVE-2020-16013 flaw is an inappropriate implementation in V8 Chrome component.
The CVE-2020-16017 flaw is a use after free memory corruption bug in Site Isolation
It is interesting to note that one of the vulnerabilities was reported to Google the same day the company released the new version of the popular browser.
The other three zero-days patched by Google in the last weeks were:
- CVE-2020-15999 – The flaw is a memory corruption bug that resides in the FreeType font rendering library, which is included in standard Chrome releases.
- CVE-2020-16009 – is a Heap buffer overflow in Freetype in Google Chrome.
- CVE-2020-16010 – affects the browser’s user interface (UI) component in Chrome for Android.
It’s mind boggling to update chrome day after week after months to get protection against Exploit