In addition to addressing nine other vulnerabilities in its latest update, Google closed the Zero-Day vulnerability that was actively exploited in its Chrome browser within two weeks.
The company has released version 86.0.4240.198 for Windows, Mac, and Linux and said it will be available to all users in the coming days.
The Zero-Day vulnerability, referred to as CVE-2020–16009, was reported on October 29 by Clement Lecigne of Google’s Threat Analysis Group (TAG) and Samuel Groß of Google Project Zero.
Google did not provide any details about the vulnerability or exploitation used by threat actors to allow the majority of users to install updates and prevent different people from developing their own exploits by exploiting the openness.
But Ben Hawkes, technical officer for Google Project Zero, said CVE-2020–16009 is interested in an “inappropriate application” that leads to remote code execution of the V8 JavaScript rendering engine.
The search giant has yet to clarify whether the same threat actor is abusing the detected Zero-Day.
Google Chrome update
We recommend that users update their devices to the latest version of Chrome to reduce the risk associated with the vulnerability.
To update Google Chrome, click where there are three dots in the upper right corner of the page. After clicking it, press the “Help” tab. Then we do the update by clicking the “About Google Chrome” tab.