Google has patched several new security bugs with its new update, including a zero-day vulnerability that is currently being exploited by attackers. Chrome users are advised to ensure their web browser is fully updated to ensure it is protected.
The new vulnerability, tracked as CVE-2020-16009 (opens in new tab), was discovered by Google’s Threat Analysis Group, which has been pretty busy of late. On Twitter, Shane Huntley, director of the group, praised his team’s work in tackling multiple zero-day threats over the last few weeks. He also confirmed (opens in new tab) that the most recently patched threat was seen in targeted exploitation and not connected "to any US election-related targeting.”
Other details surrounding the vulnerability have not been disclosed as this may provide attackers with the information they need to develop their own exploits. “Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” a Chrome release update read. “We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”
- The best endpoint protection software (opens in new tab) on the market
- The best VPN service (opens in new tab) for your business
- Our list of the best SSL certificate services (opens in new tab)
Yet another threat
With the coronavirus pandemic continuing to disrupt countries across the globe and the US gearing up for a presidential election, there are plenty of opportunities for cyberattackers to exploit. Misinformation around both the pandemic and the election has been put to use in a variety of phishing campaigns already.
Last month, Google had to patch another zero-day threat, while also exposing a further bug that affected Windows machines (opens in new tab). There is no word yet on whether these zero-day threats have been exploited by the same threat actors.
Chrome’s CVE-2020-16009 vulnerability was reportedly found lurking within the browser component that manages JavaScript code. However, if users update Chrome to version 86.0.4240.183 or later they should be protected.
- Here's our roundup of the best antivirus software (opens in new tab) available today
Via ZDNet (opens in new tab)