
Google Chrome Under Active Exploitation With Two Zero-Days!

Google has released a security advisory for Chrome users on Windows, Mac, and Linux, addressing two critical zero-day vulnerabilities that are being exploited in the wild. These Google Chrome security vulnerabilities are tracked as CVE-2020-16013 and CVE-2020-16017. Endpoints that have not been patched should have the patches deployed as soon as possible. The flaws were reported to Google by “anonymous” sources, unlike the previous cases, which were reported by Google’s Project Zero elite security team.

At the time of writing, details of the attacks in which both zero-days are being exploited have not been made public. The two Google Chrome security vulnerabilities are described below.

Zero-Day CVE-2020-16013

This vulnerability exists in the V8 JavaScript engine, the component of Chrome that handles JavaScript code. The flaw is described as an “inappropriate implementation in V8”.

Zero-Day CVE-2020-16017

This is a use-after-free memory corruption issue in Google Chrome’s site isolation feature, the component of Chrome that isolates each site’s data from one another. The flaw is described as a “use after free” memory corruption bug.

Google added in the advisory,

Google is aware of reports that exploits for CVE-2020-16013 and CVE-2020-16017 exist in the wild.

Note that CVE-2020-16009, a zero-day flaw Google patched last week, was a similar “Inappropriate implementation in V8” issue. It was fixed in Chrome release 86.0.4240.183 and was reported by Clement Lecigne of Google’s Threat Analysis Group and Samuel Groß of Google Project Zero on 2020-10-29. It is not clear if the two issues are related.

Affected products

Google Chrome versions before 86.0.4240.198.


This issue allows attackers to cause a program to crash, use unexpected values, or execute code on the affected system.


Google has released the security updates addressing the issue in Google Chrome version 86.0.4240.198.
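
A fleet triage check built on the fixed versions named in this article, added here as an example (it is not code from Google or SanerNow). The function names are hypothetical, and the hostnames and version strings in the sample inventory are constructed.

```python
import re

# Fixed-in versions taken from the article; a build older than the fix is exposed.
FIXED_IN = {
    "CVE-2020-16009": (86, 0, 4240, 183),
    "CVE-2020-16013": (86, 0, 4240, 198),
    "CVE-2020-16017": (86, 0, 4240, 198),
}
VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Extract a four-part version from text like 'Google Chrome 86.0.4240.183'."""
    m = VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def exposed_cves(version_text):
    """Return the sorted CVEs from the article that this build is still exposed to."""
    version = parse_version(version_text)
    if version is None:
        raise ValueError(f"unparseable Chrome version: {version_text!r}")
    # Integer tuples compare field by field, so 86.0.4240.99 sorts below
    # 86.0.4240.198; a plain string comparison would get this wrong.
    return sorted(cve for cve, fixed in FIXED_IN.items() if version < fixed)


def triage(inventory):
    """Map host -> list of CVEs, or 'UNKNOWN' so unparseable hosts are not treated as patched."""
    report = {}
    for host, version_text in inventory.items():
        try:
            report[host] = exposed_cves(version_text)
        except ValueError:
            report[host] = "UNKNOWN"
    return report


# Constructed sample inventory (hostnames and version strings are made up).
SAMPLE_INVENTORY = {
    "ws-01": "Google Chrome 86.0.4240.99 ",
    "ws-02": "Google Chrome 86.0.4240.183",
    "ws-03": "86.0.4240.198",
    "ws-04": "chrome: not found",
}

if __name__ == "__main__":
    for host, result in triage(SAMPLE_INVENTORY).items():
        print(host, result or "patched")
```

Hosts reported as `UNKNOWN` need a manual check, because the absence of a parseable version says nothing about whether the browser is patched.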

SanerNow detects this vulnerability and automatically fixes it by applying security updates. Download SanerNow and keep your systems updated and secure.
