A new update for Chrome
Two more vulnerabilities have been fixed.
David FischerGoogle has to update its Chrome browser again two days after the last security update. Two other vulnerabilities have emerged that are already being used for attacks.
In the Chrome version 86.0.4240.198 for Windows, macOS and Linux from November 11 the developers fixed two security vulnerabilities for which exploit code has already been seen. This obviously means that these Chrome vulnerabilities, like two others in the past few weeks, are used in attacks.
The Chrome Release Blog states that Google had reports that exploits existed for both vulnerabilities in the wild. It describes the CVE-2020-16013 vulnerability as an inappropriate implementation in the Javascript engine V8.
CVE-2020-16017, on the other hand, is a use-after-free vulnerability in site isolation. This is actually supposed to separate the code and data of an accessed website from those of other websites so that one website cannot steal or manipulate data from the other. Google classifies both vulnerabilities as high risk.
About Author
David Fischer
I am a technology writer for UpdateStar, covering software, security, and privacy as well as research and innovation in information security. I worked as an editor for German computer magazines for more than a decade before starting to be a team member at UpdateStar.