Google Chrome patch for two new zero-days

Within three weeks, the internet giant Google has discovered a total of five security flaws in Chrome, one of the most widely used web browsers, prompting the company to release Chrome version 86.0.4240.198 this Wednesday, November 11, to patch the two zero-day vulnerabilities most recently found in the wild.


New Zero-Days Discovered

According to ZDNet, the first three security flaws were internally found by Google's own security research team, but the fourth and fifth ones were brought to the company's attention by anonymous tips.

The first three vulnerabilities were discovered on October 20 and November 2, while the fourth one was reported on Monday, November 9, and the last one was reported early Wednesday.

As of this writing, the company has not announced any details concerning attacks that exploited the zero-days, and followers are unsure whether the zero-days were used together or individually.

Google has published a Chrome 86.0.4240.198 changelog in which the security fixes are listed as "an inappropriate implementation in V8," where V8 is the Chrome component that handles JavaScript code, and a "use after free memory corruption bug in Site Isolation," for zero-days CVE-2020-16013 and CVE-2020-16017, respectively.


Five Flaws in Three Weeks

The two zero-days were found after the company had released patches for the first three zero-days, which were described in a separate changelog.

The first security flaw, CVE-2020-15999, was described as a zero-day in the web browser's "FreeType font rendering library" and was used together with a Windows zero-day; both have already been patched.

CVE-2020-16009, which was patched on November 2, was a "v8 bug used for remote code execution," according to Google Project Zero technical lead Ben Hawkes via Twitter.

The last zero-day, CVE-2020-16010, was found in Chrome for Android and affected the browser's user interface (UI) component, so Android users are also advised to update their Chrome for an added layer of protection.

Update Your Chrome Now

With these security flaws found, should Chrome users start worrying?

According to a report by Gizmodo, zero-days are generally used to attack a small group of selected targets, so there's no need to panic. However, it is still vital for users to download the new Chrome patch to help protect themselves, as the level of danger posed by these zero-days is still unclear.

Google wrote in the most recent changelog that it is aware that exploits for CVE-2020-16013 and CVE-2020-16017 exist in the wild.

Blocking JavaScript Redirects

In related news, the company has also announced a new security feature that adds another layer of protection when users click on a link that opens the URL in another tab or window.

According to BleepingComputer, Google created an HTML link attribute to prevent JavaScript from redirecting a page.

According to Microsoft Edge developer Eric Lawrence, the same feature will be added to Chromium, so Edge, Brave, Chrome, and other Chromium-based web browsers will have this added security feature soon.

As of now, the feature is only available in Chrome Canary, but it is expected to be released in Chrome 88 in January 2021.


This article is owned by Tech Times

Written by: Nhx Tingson
