Google has to update its Chrome browser again two days after the last security update. Two other vulnerabilities have emerged that are already being used for attacks.
In the Chrome version 86.0.4240.198 for Windows, macOS and Linux from November 11 the developers fixed two security vulnerabilities for which exploit code has already been seen. This obviously means that these Chrome vulnerabilities, like two others in the past few weeks, are used in attacks.
The Chrome Release Blog states that Google had reports that exploits existed for both vulnerabilities in the wild. It describes the CVE-2020-16013 vulnerability as an inappropriate implementation in the Javascript engine V8.
CVE-2020-16017, on the other hand, is a use-after-free vulnerability in site isolation. This is actually supposed to separate the code and data of an accessed website from those of other websites so that one website cannot steal or manipulate data from the other. Google classifies both vulnerabilities as high risk.
about author
