Google Chrome seeks second security patch for zero day vulnerability
By MYBRANDBOOK
Google chrome has introduced a new security update on desktops. The new patch manages fixes to a total of 10 bugs in the browser, including zero-day vulnerability - the second to have been noticed by Google's Threat Analysis Group (TAG) that tracks threat actors in the last two weeks.
Google has refused to reveal any details of the bug and links till a majority of Chrome users have installed the update and the vulnerabilities are also fixed in any related third-party library.
A zero-day vulnerability refers to a recently discovered software security flaw that could have been already exploited by hackers.
For the systems running on Windows, Mac, and Linux, the Google Chrome security patch version 86.0.4240.183 is being released.
In a blogpost published on Chrome, Google said that it was aware of reports that an exploit of the particular zero-day vulnerability identified as CVE-2020-16009 exists in the wild. The changelog of the update only has a passing mention that the zero-day bug was in V8 - an open-source JavaScript engine designed for Google Chrome and is also used by other Chromium browsers, such as Microsoft Edge and Opera.
The zero-day issue that the latest patch fixes is the second to be spotted in the last two weeks and the fourth in the last 12 months.
A security patch was released by Google to fix CVE-2020-15999 - an actively exploited memory corruption bug in the FreeType font rendering library within Chrome.
A few days after releasing a security patch to fix it, Google on October 30 revealed that the zero-day CVE-2020-15999 was being exploited in conjunction with a windows zero-day vulnerability identified as CVE-2020-17087.
While the malicious code was being executed inside Google Chrome, the Windows zero-day was increasing the code's privileges to attack the Windows OS. Ben Hawkes, the technical lead of Google's Project Zero, an elite team of bug hunters, has said that Microsoft is expected to issue a security patch to fix their security flaw on November 10.
While Google's TAG did not reveal if the two bugs were being exploited by the same threat actors, it confirmed that the motive of the attackers was unrelated to the US presidential elections.
BHIM to join e-commerce, competing with PhonePe and Google Pay
The government-supported payment software BHIM is getting ready to join t...
The latest version of X helps prevent deepfakes on social medi
To combat deepfakes and shallowfakes, Elon Musk revealed a new update t...
India and Namibia collaborate on a payment system similar to U
Once operational, the platform will enable digital transactions in Namibia,...
Sebi issues show-cause notices to six Adani group firms
Sebi issued show-cause notices to six Adani Group firms, including Adani ...
IBALL WORLDWIDE PVT. LTD.
OPTIEMUS INFRACOM
RELIANCE JIO INFOCOMM LTD.
DRUVA SOFTWARE PVT. LTD.
Technology Icons Of India 2023: Anant Maheshwari
As President of Microsoft India, he is responsible for Microsoft’s o...
Technology Icons Of India 2023: Byju Raveendran
Byju Raveendran is the founder of edutech start-up Byju’s. Raveendra...
Technology Icons Of India 2023: Hari Om Rai
Hari Om Rai is the Co-founder, Chairman & Managing Director of Lava In...
STPI encouraging software exports from India
Software Technology Parks of India (STPI) is an S&T organization under...
NIC bridging the digital divide and supporting government in eGovernance
The National Informatics Centre (NIC) is an Indian government departme...
STPI encouraging software exports from India
Software Technology Parks of India (STPI) is an S&T organization under...
ADITYA INFOTECH LTD.
Aditya Infotech Ltd. (AIL) – the technology arm of Aditya Group, is ...
REDINGTON INDIA LIMITED
Redington (India) Limited operates in the IT product distribution busi...
NETPOLEON SOLUTIONS
Netpoleon Group is a Value-Added Distributor (VAD) of Network Security...