- Google rolled out Chrome stable channel version 86.0.4240.198 on Wednesday to address two new zero-day exploits that had recently been discovered by security researchers.
- In all, Google has had to patch five zero-day vulnerabilities within the last three weeks, but users don’t appear to have been affected in any meaningful way as of yet.
- If you want to check and see if your Chrome browser is up to date on Windows, Mac, or Linux, type chrome://settings/help into the address bar and you can see what version of the browser you are currently running.
It’s never a bad time to make sure that all your software is updated in order to keep yourself safe from any potential issues or exploits that might have been discovered in a previous version. Sometimes the situation is far more serious though, and the developers behind your apps discover a bug that needs to be addressed as soon as possible. That’s the case with Google Chrome this week, as two zero-day exploits have just been patched.
On Wednesday, November 11th, Google rolled out a stable channel update for the desktop version of Chrome on Windows, Mac, and Linux addressing two high-severity vulnerabilities being called CVE-2020-16013 and CVE-2020-16017. You should be on version 86.0.4240.198 of Chrome, which you can check by typing chrome://settings/help in the address bar. Chrome should update automatically, at which point you can relaunch to finish updating.
As explained by Threatpost, CVE-2020-16017 is a “use-after-free in site isolation” bug, which an attacker can exploit by creating a webpage, leading an unaware user to that webpage, triggering an error, and executing the code on the victim’s system. CVE-2020-16013 is an “inappropriate implementation in V8” bug, which leads to the software failing to implement or incorrectly implementing one or more security checks. V8 is a component which handles JavaScript and WebAssembly, and attackers can use the same method described above to exploit it.
Whether or not any of us were at risk of having our systems taken over or our data stolen is unclear, but the fact is that these are just two of five zero-day exploits that Google has had to patch in Chrome within the last three weeks. The good news is that Google’s security researchers are finding these exploits about as quickly as they are being discovered by bad actors, but it appears that the hacking community is more aggressive as of late.
Most importantly, this just serves as another reminder that you shouldn’t put off updating your software when a new update drops. Yes, there will occasionally be problems that will need to be addressed in a subsequent update, but the next zero-day exploit could be one that ends with you having important data stolen.