Google has issued version 86.0.4240.198 of the Chrome browser for Windows, Mac and Linux to address security vulnerabilities that have been exploited.
Google is asking users to update their browsers again, as two vulnerabilities have been identified that would allow an unauthenticated remote attacker to compromise an affected system via the web.
The disclosure brings the total number of actively exploited vulnerabilities discovered in Chrome during the past three weeks to five.
The company did not provide any information about the attacks that exploited the vulnerabilities or the threat actors behind the attacks.
Google said: "Access to bug details and links may be restricted until the majority of users are updated with a fix."
It added: "We also keep the restrictions in case the bug is in a third-party library that other projects rely on but haven't fixed yet."
A remote attacker can exploit CVE-2020-16017 by creating a specially crafted webpage, tricking the victim into visiting it, triggering the flaw, and executing arbitrary code on the target system.
Meanwhile, a remote attacker can exploit CVE-2020-16013 by creating a specially crafted webpage and tricking the victim into visiting it, after which the attacker is able to compromise the system.
Google has fixed five exploited vulnerabilities since October 20. Version 86.0.4240.111 fixed CVE-2020-15999, an actively exploited vulnerability in the FreeType library that was discovered by Google's bug research team Project Zero.
Version 86.0.4240.183 fixed CVE-2020-16009, another remote code execution vulnerability that had been exploited. Google also fixed the CVE-2020-16010 vulnerability in the Chrome browser for Android devices.
Project Zero researchers also revealed the exploitation of CVE-2020-17087, a privilege escalation vulnerability in the Windows kernel that affects systems running Windows 7 or later and is being actively exploited in targeted attacks.