Google has fixed two more zero-day vulnerabilities that were actively exploited in the wild. Update now!
A little over a week ago, we advised you to update your Chrome browser. This warning came a week after we advised you to update your Chrome browser. Things are a little repetitive here.
Today we have to repeat that advice, as Google has released patches for two new zero-day vulnerabilities. Someone reported them to Google, although the source(s) wish to remain anonymous. Since the vulnerabilities are zero-days, they are already being used in real attacks.
A zero-day is a valuable asset for cybercriminals because no patch exists for the vulnerability (until yesterday, in this case) and every unpatched system is a potential victim. That is why we advise you to update Chrome as soon as possible.
What problems have been solved?
Publicly disclosed security flaws are listed in the Common Vulnerabilities and Exposures (CVE) list, a dictionary that defines common vulnerabilities and exposures in the field of cyber security. The purpose of CVE is to make it easier to share data across separate vulnerability capabilities (tools, databases and services).
In this case, the two vulnerabilities were catalogued as:
CVE-2020-16013: Inappropriate implementation in V8. Does that sound familiar? V8 was also the subject of CVE-2020-16009, where researchers said it had something to do with the way the Chrome browser handles JavaScript.
CVE-2020-16017: Use after free in site isolation. Site isolation is a feature that forces each site to run in a separate process so that sites cannot interact with each other. Each process runs in a sandbox, which forms an extra line of defence. A use after free here may indicate that a memory location used for this purpose is not properly freed after the website is closed.
How do I install Chrome patches?
The easiest way is to let Chrome update automatically, which uses basically the same method as described below but does not require your attention. You may still fall behind, however, if you never close your browser or if something goes wrong, such as an extension that prevents the browser from updating.
So there’s no harm in checking once in a while. And this would be a good time, given the zero-day vulnerabilities. My preferred method, which also lets me keep track, is to have Chrome open the chrome://settings/help page, which can also be reached by clicking Settings > About Chrome.
When an update is available, Chrome will notify you and start the download. It will then tell you that you just need to restart your browser to complete the update.
Which version do I need?
After the update, your version number should be 86.0.4240.198 or higher. You are then protected from these vulnerabilities. According to Google, the stable channel has been updated to version 86.0.4240.198 for Windows, Mac and Linux, and it will be rolled out over the coming days/weeks. Also keep an eye on Chromium-based browsers (Opera, Edge, etc.), as these too may need to be updated.
Everybody be careful!