Google Chrome has started receiving new update that fixes two zero-day vulnerabilities discovered in the wild. The update is specifically meant for Windows, Mac, and Linux users and is the third in the series after Google released a zero-day issue-related update in October and another similar patch last week. The search giant also recently brought a zero-day vulnerability fix to the Chrome for Android a few days back. However, unlike the three earlier patches that were reported by Google’s internal researchers, the two new zero-day issues were discovered by anonymous sources.
The latest Google Chrome update brings version 86.0.4240.198. As per the details provided through a blog post, the update fixes the vulnerabilities CVE-2020-16013 and CVE-2020-16017. The former is described as an inappropriate implementation in the V8 JavaScript engine and was reported on November 9. In contrast, the latter is known as a “use after free in site isolation” memory corruption bug and was reported on November 7.
Google notes that both vulnerabilities were reported by anonymous sources. However, it is unclear whether the two issues were exploited together or separately.
Chrome users are advised to look for the latest update by going to Help > About Google Chrome after clicking on the three dots button from the top-right corner of the browser window. The update is being rolled out in stages and may take some time to reach all users.