Google issues patches for two serious Chrome zero-day vulnerabilities


Google’s Project Zero is very quick to point out security flaws in other companies’ products, but the search giant is far from perfect itself. Two recently discovered zero-day vulnerabilities in Chrome have just been fixed with a new patch.

CVE-2020-16009 and CVE-2020-16010 are remote code-execution and heap-based buffer overflow flaws, respectively, and affect both the desktop and Android versions of Google’s web browser.

The CVE-2020-16009 vulnerability relates to the V8 JavaScript component on the desktop, while the CVE-2020-16010 flaw affecting Android is a heap-based buffer overflow vulnerability. In order to secure their browsers, Windows users need to update to at least version 86.0.4240.183 of Chrome, while Android users need to have at least version 86.0.4240.185 of the browser installed.

News of the flaw was shared on Twitter by Ben Hawkes:

A few people noticed that CVE-2020-16010 wasn’t included in the link above. That’s because Chrome has separate release notes for Desktop and Android. The release notes covering CVE-2020-16010 (sandbox escape for Chrome on Android) are now available here: https://t.co/6hBKMuCAaK

— Ben Hawkes (@benhawkes) November 3, 2020

To ensure that you have a safe version of Chrome installed, you will need to update. On the desktop, head to the About screen and a check will be performed. On Android, you will need to launch Google Play and check for updates.
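For administrators checking more than one machine, the minimum versions given above can be compared against an inventory export. The following is an added example, not part of the original article; the inventory format, hostnames and sample versions are constructed assumptions.

```python
import re

# Minimum fixed versions as stated in the article.
MIN_FIXED = {
    "windows": (86, 0, 4240, 183),
    "android": (86, 0, 4240, 185),
}
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Extract a four-part version from text such as 'Google Chrome 86.0.4240.111'."""
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no Chrome version found in {text!r}")
    return tuple(int(part) for part in match.groups())

def is_patched(platform, version_text):
    """True if the version is at or above the article's minimum for the platform."""
    minimum = MIN_FIXED[platform.lower()]
    # Tuples compare numerically per component, so 86.0.4240.99 < 86.0.4240.183;
    # a plain string comparison would get this wrong.
    return parse_version(version_text) >= minimum

def audit(inventory):
    """Return the (host, platform, version) rows that still need updating."""
    findings = []
    for host, platform, version_text in inventory:
        try:
            ok = is_patched(platform, version_text)
        except (KeyError, ValueError):
            # Unknown platform or unreadable version: report it, do not skip it.
            ok = False
        if not ok:
            findings.append((host, platform, version_text))
    return findings

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("ws-01", "windows", "Google Chrome 86.0.4240.183"),
    ("ws-02", "windows", "Google Chrome 86.0.4240.99"),
    ("ph-01", "android", "86.0.4240.183"),
    ("ph-02", "android", "87.0.4280.66"),
    ("ws-03", "windows", "unknown"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE_INVENTORY):
        print("needs update:", *row)
```

Note that an Android device on 86.0.4240.183 is still flagged, because the Android minimum in the article is .185, not the desktop's .183.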

Image credit: Ilya Sergeevych / Shutterstock
