Within three weeks, the internet giant Google has discovered a total of five security flaws with Chrome, one of the widely used internet browsers these days, prompting the company to release the Chrome version 86.0.4240.198 this Wednesday, November 11, to patch the two zero-day vulnerabilities they most recently found in the wild.
New Zero-Days Discovered
According to ZDNet, the first three security flaws were internally found by Google's own security research team, but the fourth and fifth ones were brought to the company's attention by anonymous tips.
The first three vulnerabilities were discovered on October 20 and November 2, while the fourth one was reported on Monday, November 9, and the last one was reported early Wednesday.
As of writing, the company has not announced any details concerning attacks using the exploited zero-days, and followers are unsure whether the zero-days were used together or individually.
Google has published a Chrome 86.0.4240.198 changelog, where the security fixes were listed as "an inappropriate implementation in V8, where V8 is the Chrome component that handles JavaScript code," as well as "use after free memory corruption bug in Site Isolation," for zero-days CVE-2020-16013 and CVE-2020-16017, respectively.
Read More : Online Exam Software Alarms People as Law Student Receives 'Unable to Identify Your Face' Message
Five Flaws in Three Weeks
The two zero-days were found after the company has released the patches for the first three zero-days found, which were described on a separate changelog.
The first security flaw, CVE-2020-15999, was described as a zero-day in the web browser's "FreeType font rendering library" and was used together with a Windows zero-day that was both patched already.
CVE-2020-16009 was a "v8 bug used for remote code execution," according to Google Project Zero technical lead Ben Hawkes via Twitter, which was patched on November 2.
The last zero-day, CVE-2020-16010, was found in Chrome for Android and affected the browser's user interface (UI) component, so Android users are also advised to update their Chrome for an added layer of protection.
Update Your Chrome Now
With these security flaws found, should Chrome users start worrying?
In the report by Gizmodo, zero-days are generally used to attack a small group of selected targets, so there's no need for panic to ensue, however, it is still vital to download the new Chrome patch to help protect themselves as the level of danger brought by these zero-days is still unclear.
Google wrote on the most recent changelog that they are aware of the exploits for CVE-2020-16013 and CVE-2020-16017 exist in the wild.
Blocking JavaScript Redirects
In related news, the company has also announced a new security feature that will provide another layer of security for when users click on a link that opens the URL in another tab or window.
According to BleepingComputer, Google created an HTML link attribute to prevent JavaScript from redirecting a page.
According to Microsoft Edge developer Eric Lawrence, the same feature will be added to Chromium, so Edge, Brave, Chrome, and other Chromium-based web browsers will have this added security feature soon.
As of now, the feature is only available in Chrome Canary, but it is expected to be released in Chrome 88 on January 2021.
This article is owned by Tech Times
Written by: Nhx Tingson