 |
| Chrome received the second patch within two weeks |
Google has released a security update for the Chrome web browser that fixes ten vulnerabilities, including one that is actively exploited and nine other vulnerabilities.
Google's Threat Analysis Team (TAG) is the search giant's security team, tasked with tracking threat actors and their daily operations and identifying vulnerabilities as (CVE-2020-). 16009).
In order to give Chrome users more time to install the update and to prevent others from developing further vulnerabilities, Google has not disclosed details of this vulnerability and the organization that exploited the vulnerability.
Google said: The bug is in V8, a component of Chrome that handles JavaScript code.
The company recommends users update their browser to Windows, Mac, and Linux OS versions (86.0.4240.183).
Google said: There were reports of exploiting this vulnerability (CVE-2020-16009) but no detailed information was provided about the participants in these attacks.
She added: Until most users update their browsers, access to details and error links will be restricted, and if the error is in a third-party library on which other projects depend and has not been fixed, then we will define it as well. .
This is the second vulnerability that Google discovered in Chrome over the past two weeks.
On October 20, the company released a browser security update to address a vulnerability in Chrome's Font Display Library (FreeType) (CVE-2020-15999).
Google also announced last week that this vulnerability was used in conjunction with the Windows Operating System Vulnerability (CVE-2020-17087).
Vulnerabilities in Chrome are used to run malicious code in the browser, while vulnerabilities in the Windows operating system are used to raise code permissions and attack the underlying Windows operating system.
Microsoft is expected to fix this vulnerability on November 10th. Correction will be done soon.
In addition to the ten security fixes for the desktop version of Chrome, Google has fixed another vulnerability in the Android version of Chrome (CVE-2020-16010).