News

Google again fixes two zero days in Chrome

By admin
Spread the love

Google has again fixed two zero days in Chrome. The two vulnerabilities were in the JavaScript engine V8 and in the Site Isolation feature and were actively exploited, according to the company. It is the third time in a short time that zero days have been closed in Chrome.

These are two vulnerabilities that have been rated ‘High’, according to Chrome’s changelog 86.0.4240.198 for Windows, macOS and Linux. These are CVE-2020-16013 and CVE-2020-16017. No extensive details are known about the vulnerabilities at this time. Google does say that the first is a faulty implementation of V8, the JavaScript engine in Chrome. The other is a use-after-free vulnerability in the Site Isolation functionality. Google says both vulnerabilities were actively exploited, but does not provide details. It is therefore not known whether the vulnerabilities were only exploited together or separately.

The two leaks were discovered by outside security researchers, who received an unspecified reward for them. One leak was reported last Monday, the other on Wednesday.

Google has patched zerodays in the browser more often in recent times. In early November, it also closed two vulnerabilities in V8. In October, it turned out that there was an actively attacked vulnerability in the browser’s font library.

You might also like
News

Rumor: Apple is working on its own applications based on a large language model

News

EU Council determines position on security requirements for digital products

News

Meta introduces open source language model Llama 2, works on PCs and phones

News

Anticheat FaceIT gets Linux version, enables Steam Deck support

News

Brave sells web content as data for AI training

News

Firefox beta has support for Nvidia video upscaling technique