Chrome for Android gets another zero-day vulnerability fix
The company, while crediting its Threat Analysis Group (TAG) team for discovering the critical vulnerability, noted that the security patch will be available to users on Google's Play Store over the coming few weeks.
Google has released a new security update for the Chrome for Android web browser that fixes a critical zero-day vulnerability that is being exploited in the wild.
The company has released Chrome 86 version 86.0.4240.185 for Android with a fix for the vulnerability listed as CVE-2020-16010, a heap buffer overflow in the user interface component of Chrome for Android. Google said that the security vulnerability allowed hackers to bypass the Chrome security sandbox for Android and run their malicious code on the operating system.
The company, while crediting its Threat Analysis Group (TAG) team for discovering the critical vulnerability, noted that the security patch, which will be available to users on Google's Play Store over the coming few weeks, not only fixes the critical vulnerability but also includes stability and performance improvements.
Today Chrome fixed two more vulnerabilities that were being actively exploited in the wild (discovered by Project Zero/Google TAG last week). CVE-2020-16009 is a v8 bug used for remote code execution, CVE-2020-16010 is a Chrome sandbox escape for Android. https://t.co/IOhFwT0Wx1 — Ben Hawkes (@benhawkes) November 2, 2020
Notably, this is the third Chrome vulnerability that has been discovered by the TAG team in the past two weeks.
Prior to that, the company fixed another zero-day vulnerability, tracked as CVE-2020-15999, in the desktop version of the Chrome web browser that affected Chrome's FreeType font rendering library.