Google has released a security advisory for its Chrome users on Windows, Mac, and Linux, addressing two very critical Zero-Day exploits exploited in the wild. These google chrome security vulnerabilities tracked as CVE-2020-16013 and CVE-2020-16017. Endpoints not been patched are advised to deploy patches ASAP. The flaws reported by “anonymous” sources to Google, unlike the previous cases where Google’s Project Zero elite security team taken the opportunity to report. A vulnerability management solution will help remediate vulnerabilities.
At the time of writing, details of attacks where both zero-days being exploited not made public. The Google Chrome Security Vulnerabilities mentioned a few below. Also, a patch management tool can patch known vulnerabilities.
Zero-Day CVE-2020-16013
This vulnerability exists in the V8 JavaScript rendering engine, it is the component of chrome that handles JavaScript code. This flaw described as an “inappropriate implementation in V8“.
Zero-Day CVE-2020-16017
Use-after-free memory corruption issue in Google Chrome’s site isolation feature. It is the component of chrome which isolates each site’s data from one and another. This flaw described as a “use after free” memory corruption bug.
Google added in the advisory,
Google is aware of reports that exploits for CVE-2020-16013 and CVE-2020-16017 exist in the wild.
We need to take notice that CVE-2020-16009 a zero-day flaw Google patched last week also a similar “Inappropriate implementation in V8” issue which fixed in Chrome release 86.0.4240.183 and reported by Clement Lecigne of Google’s Threat Analysis Group and Samuel Groß of Google Project Zero on 2020-10-29. Also, It is not clear if the two issues are related.
Affected products
Google Chrome versions before 86.0.4240.198.
Impact
This issue allows attackers to cause a program to crash, use unexpected values, or execute code on the affected system.
Solution
Google has released the security updates addressing the issue in Google Chrome version 86.0.4240.198.
SanerNow detects this vulnerability and automatically fixes it by applying security updates. Download SanerNow and keep your systems updated and secure.