 |
| Google is working to fix more vulnerabilities in the Chrome browser |
Google released Chrome version 86.0.4240.198 for Windows, Mac, and Linux to fix exploited vulnerabilities.
Google asked users to update their browsers again after discovering vulnerabilities that would allow an unauthenticated remote attacker to compromise an affected system across a network.
This test brings the total number of vulnerabilities found in Chrome over the past three weeks to five that are actively exploited.
Chrome build 86.0.4240.198 can fix very serious bugs named CVE-2020-16013 and CVE-2020-16017.
The company did not provide any information about the attacks that exploited the vulnerabilities or threats behind the attacks.
Google said: Until most users apply this update, error details and links may not be available.
She added: We also keep some caveats in case the bug is found in the third-party libraries that other projects rely on and that hasn't been fixed.
Remote attackers can exploit CVE-2020-16017 by creating specially designed web pages, motivating victims to visit web pages, triggering vulnerabilities, and executing arbitrary code from the target system.
At the same time, attackers can remotely exploit CVE-2020-16013 by creating a specially designed website and motivating the victim to visit the website, thus destroying the system.
Google described this error as an incorrect implementation in V8 (Open Source JavaScript Engine) developed by the Chromium Project for Google Chrome and Chromium web browsers that can handle JavaScript and WebAssembly.
Since October 20, Google has fixed five security flaws. Version 86.0.4240.111 resolves the CVE-2020-15999 active vulnerability in the FreeType library that was discovered by the Google Project Zero Vulnerability Research Team.
86.0.4240.183 fixes another exploited remote code implementation vulnerability CVE-2020-16009, but also fixes the CVE-2020-16010 vulnerability in the Chrome browser for Android devices.
Project Zero researchers also found that CVE-2020-17087 was used to lift the Windows kernel privilege affecting systems running Windows 7 or later and was used effectively in targeted attacks.