Time to update: Google patches 2 serious zero-day Chrome vulnerabilities




A series of zero-day attacks have hit Google’s Chrome browser in recent weeks, and you can add two more to the list. Google released a patch this week to fix the security flaws in its browser, but we don’t know exactly what the flaws are. Unlike the last zero-days, Google did not find these security holes. Instead, they were reported by anonymous third parties, and the issues are serious enough that Google is not revealing all the details. Suffice it to say, you should stop putting off that update.

Google’s internal security team is constantly trying to crack Chrome to discover potential bugs before they become the basis for a harmful malware campaign. And indeed, Google detects many bugs and distributes patches before anyone outside the company even notices. A zero-day exploit is one that Google and the developer community missed, and thus could leave millions of machines open to attack.

Usually we get details on the patches in Chrome, but Google has temporarily withheld details on these latest flaws because both have been used in the wild as attack vectors. One of the flaws, CVE-2020-16013, is related to Google’s V8 JavaScript engine. The second is CVE-2020-16017, a “use after free” memory management issue that allows code to escape Chrome’s site isolation sandbox.


Without more details, we can’t say whether these bugs are more serious than the others we’ve seen lately. However, they could have a much greater impact simply because internet ne’er-do-wells figured out how to exploit them before Google knew there was a problem.

You are protected as long as you have Chrome version 86.0.4240.198 or higher. You can check it in Settings > Help > About Chrome. If it hasn’t been updated yet, you might have an annoying “update” badge at the top of Chrome right now. Just give in. These are serious bugs that are being actively used to take over computers. Of course, high-value vulnerabilities like these are generally used to target a specific set of people. That is still not a chance you want to take, and the details of these vulnerabilities will not remain a secret forever. You don’t want to be running an older version of Chrome when the details are widely known.
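For anyone checking more than one machine, the same version test can be run over collected version strings. The following is an added example, not part of the original article; the host names and inventory lines are constructed, and the "Google Chrome <version>" string shape is an assumption about how the versions were collected. It compares the four version parts as numbers, because a plain string comparison would wrongly rank 86.0.4240.75 above 86.0.4240.198.

```python
import re

# First patched build named in the article.
FIXED_BUILD = (86, 0, 4240, 198)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the four-part Chrome version in text as a tuple of ints, or None."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(text):
    """Label one collected version string as patched, outdated or unknown."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # no version found: needs a manual look
    # Tuples compare part by part as integers, so 75 < 198 and 9 < 86.
    return "patched" if version >= FIXED_BUILD else "outdated"


def triage(inventory):
    """Group host names by status; inventory maps host -> collected string."""
    report = {"patched": [], "outdated": [], "unknown": []}
    for host, text in sorted(inventory.items()):
        report[classify(text)].append(host)
    return report


# Constructed sample inventory (hypothetical hosts and collected strings).
SAMPLE_INVENTORY = {
    "ws-01": "Google Chrome 86.0.4240.198",
    "ws-02": "Google Chrome 86.0.4240.75",  # sorts above .198 as a string
    "ws-03": "Google Chrome 87.0.4280.66",
    "ws-04": "Google Chrome 9.0.597.84",    # "9" sorts above "86" as a string
    "ws-05": "chrome: command not found",   # collection failed on this host
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:9} {', '.join(hosts) or '-'}")
```

Hosts reported as "unknown" returned no parseable version and should be checked by hand rather than assumed patched.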
