Google has released a security update for its Chrome web browser. The stable channel has been updated to 86.0.4240.183 for Windows, Mac and Linux, and the update will roll out over the coming days/weeks. You can find a list of changes here.
The second Chrome zero-day in two weeks
The bug, identified as CVE-2020-16009, was found by Google’s Threat Analysis Group (TAG), a security team at Google. An inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Google Chrome users are advised to update their browser to version 86.0.4240.183 or later.
In the last week of October, Google also released a security update for Chrome to patch CVE-2020-15999, a zero-day in Chrome’s FreeType font rendering library. So, this is the second Chrome zero-day that Google found exploited in the wild in the past two weeks.
What is a zero-day attack?
The zero-day attack is one of the most common forms of cyberattack. A zero-day attack takes advantage of a flaw on the same day the weakness is discovered in software. It can be defined as an unknown exploit in the wild that exposes a vulnerability in software or hardware. Until the flaw has been discovered, it can create complicated problems. When a user discovers that there is a security risk in a program, they can report it to the software company. Usually, the program's creators then create a fix that improves the program's protection.