The company Google has announced a new release of Chrome browser for Windows, macOS and Linux. Build 86.0.4240.198 includes patches for two zero-day vulnerabilities that attackers are already trying to exploit in attacks. Users are advised to update the application as soon as possible.
Details of new holes are scarce. The developer learned about their existence a few days ago from anonymous sources. The severity of both bugs was assessed as high.
In the Google announcement , the vulnerability CVE-2020-16013 is described as “invalid implementation in V8” (an open source JavaScript engine). Another bug, CVE-2020-16017, belongs to the “use after free” class. It has been found in the site isolation defense mechanism.
In total, over the past month, Chrome developers have closed five vulnerabilities that have already been highlighted in attacks. In addition to two new ones, they had to urgently patch CVE-2020-15999, CVE-2020-16009 (also in V8) and CVE-2020-16010. The latest flaw appeared in the mobile version of the browser.