Google Squashes A Pair Of Chrome Zero-Day Security Exploits, But You Need To Update ASAP
Google has released a new version of Google Chrome today after tackling two more high-profile, zero-day exploits. Over the last several weeks, Google has found multiple attack vectors and has been squashing them at a rapid pace, so this is just a couple more on the pile. Users are advised to upgrade Chrome ASAP, as the risk for these exploits is ranked “High” by Google.
At the end of October, Google took care of several exploits that came up through Project Zero. The new exploits that were discovered make it seem like Google Chrome is Swiss cheese with all the security holes, but they are being patched at the very least. The first vulnerability, given the designation CVE-2020-16013, is explained as an “inappropriate implementation in V8.” V8 is the open-source JavaScript engine developed for Chromium browsers. This exploit could potentially affect Microsoft Edge as well, but we will see if Microsoft provides an update to address this vulnerability.
The other vulnerability, designated CVE-2020-16017, is explained as a “Use after free in site isolation” vulnerability. This means that when memory is freed, something may try to use it, which could “can cause a program to crash, use unexpected values, or execute code,” according to MITRE, one of the leading not-for-profit government research centers dealing with cybersecurity.
At present, Google is not reporting the specifics of these exploits due to the widespread nature of the vulnerabilities. Even though we do not have an exact idea of how dangerous the vulnerabilities are, users need to patch Chrome right away as Google reports that “CVE-2020-16013 and CVE-2020-16017 exist in the wild.”
