Update Chrome Now to Fix Some Zero-Day Vulnerabilities
All Chrome users should get the latest browser update, version 86.0.4240.183 for PC and version 86.0.4240.185 for Android, as soon as possible. The patches address several security bugs, including two zero-day vulnerabilities that are actively exploited by hackers.
Zero-day threats refer to security bugs found in pre-release software that hackers have exploited prior to release. The first zero-day bug is listed as CVE-2020-16009 in the notes for the latest Chrome security fix . The vulnerability stems from the Javascript V8 Chrome desktop component, but little is known at this time. It is not even clear how the error is used or what types of attacks it is vulnerable to.
Android bug CVE-2020-16010 was disclosed shortly after CVE-2020-16009. It allows you to remotely execute code through vulnerabilities in the user interface of an Android application.
This is the second round of zero-day bug fixes in two weeks. The third bug that affected the Chrome font library, CVE-2020-15999, was fixed on October 20. This bug allowed hackers to install malware remotely and was used in tandem with another zero-day bug found in Windows 10 to force attackers programs to gain even more access to the victim’s system.
The good news is that all three Chrome bugs have now been fixed and a fix for the Windows bug is coming soon. Google released Chrome security patch CVE-2020-15999 on October 20, and the fixes for CVE-2020-16009 and CVE-2020-16010 are now available for PC and Android. Microsoft will fix the Windows 10 bug in the next November 10 patch, so stay tuned.
Don’t rely on automatic updates to prevent zero-day attacks
Chrome bugs will no longer pose a threat after users update to the latest version of Chrome available for your device. On your desktop, Chrome downloads updates in the background and alerts you when it’s time to install, but don’t relax and think you’re safe just because Chrome can fix itself.
Zero-day security patches are not common, but they are critical to keeping your computer safe from malware. Unfortunately, even the highest priority patches are not distributed immediately to everyone, and some users also postpone their installation.
Case in point: If you haven’t installed the October 20 security patch, you might have encountered at least three zero-day errors that threaten your computer. This is why you should check manually for Chrome fixes on a regular basis, even if automatic updates are turned on. On your PC, go to chrome: // settings / help or click the three-dot More icon in the upper right corner of your browser and go to Settings> About Chrome (in the sidebar).
On your smartphone or tablet, simply visit the Apple App Store or Google Play Store to download the latest updates for Chrome.
[ ZDNet ]