Posted on Thursday, November 12 2020 @ 14:08 CET by Thomas De Maesschalck
ZD Net
reports Google plugged two more zero-day vulnerabilities in its Chrome browser. Lately, Chrome has been hit by a lot of zero-day bugs. This marks the fourth and fifth zero-days that Google has patched over the past three weeks. To be secure, you need Chrome version 86.0.4240.198.
The difference this time is that while the first three zero-days were discovered internally by Google security researchers, these two new zero-days came to Google's attention after tips from anonymous sources.
Details about the attacks where the Chrome two zero-days have been used have not been made public, at the time of writing.
The first bug affects the JavaScript engine while the other one affected Site Isolation:
CVE-2020-16017 - Described as a "use after free" memory corruption bug in Site Isolation, the Chrome component that isolates each site's data from one another.