Google has released patches for two more serious Chrome vulnerabilities, making it a busy few weeks for its security team. Although recently discovered exploits have been identified by Google’s own Project Zero security team, the two new bugs were noticed by anonymous sources.
The new vulnerabilities are being tracked as CVE-2020-16013 and CVE-2020-16017 but it is not yet known if they are being used together as part of an exploit chain or if they are being deployed individually. However, Google did confirm reports “that exploits for CVE-2020-16013 and CVE-2020-16017 exist in the wild”.
Vulnerability CVE-2020-16013 had been described as involving inappropriate implementation in V8, the Chrome component that handles JavaScript code. While CVE-2020-16017 is a memory corruption bug affecting the Chrome component used to isolate one website’s data from another.
- Check out our complete list of the best antivirus software available today
- Here's our list of the best endpoint protection solutions
- Also, see our roundup of the best malware removal tools
Another zero-day
It is not currently clear how much of a risk these two vulnerabilities pose to regular users, but Google certainly thought that they presented enough of a threat to act swiftly. The technology giant was informed of the bugs less than a week ago.
Google has had plenty of practice when it comes to issuing patches in the last few weeks. Since October 20, Google has issued five zero-day patches (including the two most recent ones). As with those earlier bugs, Chrome users simply need to update their web browser to the most recent version in order to remain protected.
For anyone that hasn’t updated Chrome for a little while, however, there probably isn’t a need to panic. Zero-day exploits are usually deployed against selected targets, so the general user needn’t rush too much to get the latest security patches installed.
- Here's our list of the best web hosting services
Via ZDNet
