Google is currently advising every Chrome user, whether on a smartphone or a PC, to download the updated version of the browser.
The tech giant recently fixed three critical zero-day vulnerabilities, so the patches must be applied as soon as possible.
A zero-day vulnerability is a critical software vulnerability that is unknown to those who should be mitigating it. That includes the vendor of the target software, which is Google in this case.
The first bug, now tracked as CVE-2020-16009, was discovered by Google's Threat Analysis Group (TAG), a team of security professionals tasked with tracking various threat actors and their ongoing operations.
For now, Chrome users on Android are advised to update to whichever patched version is the latest available, as Google may release further updates for the same issues in the near future.
The move becomes more significant in light of the fact that Google Chrome accounts for the lion's share of the worldwide browser market. Two out of every three internet users use Chrome. Even on mobile, Chrome dominates the market with a 63.7% share, leaving its closest competitor, Apple Safari, far behind.
The second Chrome zero-day vulnerability was found in the past two weeks and was being exploited in the wild.
On October 20, Google released a security update for this bug, tracked as CVE-2020-15999.
This bug resided in the browser's FreeType font rendering library. Last week, on Friday, the California-based tech giant revealed that this Chrome zero-day was being used in combination with a Windows zero-day, CVE-2020-17087.
Attackers used the Chrome vulnerability to execute malicious code inside the browser, while the Windows zero-day allowed that code's privileges to be escalated.
The main purpose of this combination was to allow threat actors to attack the underlying Windows OS, from where they could go on to access a host of other essential controls.
Microsoft, taking note of this, announced that it would fix the vulnerability on its side on November 10, which is Patch Tuesday.
Lastly, the third and most recent zero-day vulnerability affects only users of Google Chrome for Android.
Now tracked as CVE-2020-16010, this zero-day is a heap buffer overflow vulnerability in the Android UI component of the Chrome browser.
As mentioned earlier, users can protect themselves by updating Chrome for Android to the latest version, which in this case is 86.0.4240.185.
Three consecutive zero-day vulnerabilities are definitely a huge red flag and a severe cause for concern. They indicate that hackers and various malicious threat actors are ramping up their efforts to find new ways to exploit software that people use in everyday life.
Thus, it is high time end consumers became more vigilant and took measures to protect themselves while they are online. You must all update. We will keep you updated on all future developments. Until then, stay tuned.