Google has patched a second actively exploited zero-day flaw in the Chrome browser in two weeks, along with addressing nine other security vulnerabilities in its latest update.<\/p>\n
The company\u00a0released<\/a>\u00a086.0.4240.183 for Windows, Mac, and Linux, which it said will be rolling out over the coming days\/weeks to all users.<\/p>\n The zero-day flaw, tracked as\u00a0CVE-2020-16009<\/strong>, was reported by Clement Lecigne of Google\u2019s Threat Analysis Group (TAG) and Samuel Gro\u00df of Google Project Zero on October 29.<\/p>\n The company also warned that it \u201cis aware of reports that an exploit for CVE-2020-16009 exists in the wild.\u201d<\/p>\n Google hasn\u2019t made any details about the bug or the exploit used by threat actors public so as to allow a majority of users to install the updates and prevent other adversaries from developing their own exploits leveraging the flaw.<\/p>\n But Ben Hawkes, Google Project Zero\u2019s technical lead,\u00a0said<\/a>\u00a0CVE-2020-16009 concerned an \u201cinappropriate implementation\u201d of its V8 JavaScript rendering engine leading to remote code execution.<\/p>\n Aside from the ten security fixes for the desktop version of Chrome, Google has also addressed a separate zero-day in Chrome for Android that was being exploited in the wild \u2014 a sandbox escape flaw tracked as CVE-2020-16010.<\/p>\n The zero-day disclosures come two weeks after Google fixed a critical buffer overflow flaw (CVE-2020-15999<\/a>) in the Freetype font library.<\/p>\n