Update Chrome Right Now to Fix Some Zero-Day Exploits

All Chrome users should install the latest browser update — version 86.0.4240.183 on PC and version 86.0.4240.185 on Android — as soon as possible. The patches stamp out several security bugs, including two zero-day vulnerabilities hackers are actively exploiting.

Zero-day threats refer to security bugs found in prerelease software that hackers are already taking advantage of ahead of release. The first zero-day bug is listed as CVE-2020-16009 in Chrome’s latest security patch notes. The vulnerability stems from Chrome’s V8 JavaScript component on desktop, but little else is known at this point. It’s not even clear how the bug is being exploited or the kinds of attacks it’s vulnerable to.

The Android bug, CVE-2020-16010, was disclosed shortly after CVE-2020-16009. It allows remote code execution through vulnerabilities in the Android app’s UI.

This is the second round of patches in two weeks that addresses zero-day bugs. A third bug that affected Chrome’s font library, CVE-2020-15999, was patched on October 20. That bug allowed hackers to install malware remotely, and was used in tandem with yet another zero-day bug found in Windows 10 to give the malicious programs even more access to the victim’s system.

The good news is that all three Chrome bugs are now fixed, and a patch for the Windows bug is coming soon. Google released a security patch for Chrome’s CVE-2020-15999 on October 20, and fixes for CVE-2020-16009 and CVE-2020-16010 are now available for PC and Android. Microsoft will fix the Windows 10 bug in the upcoming November 10 patch, so keep an eye out for that.

Don’t rely on auto-updates to prevent zero-day attacks

The Chrome bugs will no longer be a threat once you have upgraded to the latest version of Chrome available for your device. On your desktop, Chrome downloads updates in the background and alerts you when it’s time to install, but don’t sit back and assume you’re safe just because Chrome can patch itself.

Security patches for zero-day bugs aren’t common, but they’re crucial to keep your PC safe from malware. Unfortunately, even the highest-priority patches don’t roll out to everyone immediately, and some users also delay installing them.

Case in point: if you didn’t install the October 20 security patch, you could have faced at least three zero-day bugs threatening your PC. That’s why you should regularly check for Chrome patches manually, even if auto-updates are turned on. On your PC, go to chrome://settings/help, or click the three-dot “More” icon in the upper-right corner of the browser and go to Settings > About Chrome (on the sidebar).

On your smartphone or tablet, simply visit Apple’s App Store or the Google Play Store to grab the latest updates for Chrome.
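If you look after more than one machine, the same manual check can be run over a list of collected version strings. The following is an added example, not part of the original article: the host names and sample version strings are constructed, and the only values taken from the article are the two fixed builds (86.0.4240.183 on PC, 86.0.4240.185 on Android).

```python
import re

# Fixed builds named in the article, keyed by platform.
FIXED_BUILDS = {
    "desktop": (86, 0, 4240, 183),
    "android": (86, 0, 4240, 185),
}

# Chrome versions have four numeric parts: major.minor.build.patch
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Pull the four-part version out of a string such as the About Chrome line."""
    match = VERSION_RE.search(text)
    if match is None:
        return None
    return tuple(int(part) for part in match.groups())


def patch_status(platform, version_text):
    """Return 'patched', 'needs-update', or 'unknown' for one device."""
    minimum = FIXED_BUILDS.get(platform)
    version = parse_version(version_text)
    if minimum is None or version is None:
        return "unknown"  # never assume a device is safe when the check failed
    # Compare as integer tuples: as plain strings, "99" would sort above "183".
    return "patched" if version >= minimum else "needs-update"


def audit(inventory):
    """Map each host that is not confirmed patched to its status."""
    findings = {}
    for host, platform, version_text in inventory:
        status = patch_status(platform, version_text)
        if status != "patched":
            findings[host] = status
    return findings


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = [
    ("ws-01", "desktop", "Version 86.0.4240.183 (Official Build) (64-bit)"),
    ("ws-02", "desktop", "Google Chrome 86.0.4240.99"),
    ("ws-03", "desktop", "chrome: command not found"),
    ("ph-01", "android", "86.0.4240.183"),  # desktop fix build, but below Android's
    ("ph-02", "android", "86.0.4240.185"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Devices reported as unknown deserve the same follow-up as those needing an update, since a failed check says nothing about whether the patch is installed.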

[ZDNet]
