Chrome-Zero-Day-CVE-2020-16013-CVE-2020-16017

Google has released a security advisory for Chrome users on Windows, Mac, and Linux, addressing two critical zero-day vulnerabilities that are being exploited in the wild. The vulnerabilities are tracked as CVE-2020-16013 and CVE-2020-16017. Endpoints that have not been patched should have the patches deployed as soon as possible. The flaws were reported to Google by “anonymous” sources, unlike the previous cases, which were reported by Google’s Project Zero security team.

At the time of writing, details of attacks where both zero-days are being exploited have not been made public.


Zero-Day CVE-2020-16013

This vulnerability exists in the V8 JavaScript engine, the component of Chrome that handles JavaScript code. The flaw is described as an “inappropriate implementation in V8”.

Zero-Day CVE-2020-16017

This vulnerability is in Google Chrome’s site isolation feature, the component of Chrome that isolates each site’s data from one another. The flaw is described as a “use after free” memory corruption bug.

Google added in the advisory:

“Google is aware of reports that exploits for CVE-2020-16013 and CVE-2020-16017 exist in the wild.”

Note that CVE-2020-16009, a zero-day flaw Google patched last week, was also a similar “Inappropriate implementation in V8” issue. It was fixed in Chrome release 86.0.4240.183 and was reported by Clement Lecigne of Google’s Threat Analysis Group and Samuel Groß of Google Project Zero on 2020-10-29. It is not clear if the two issues are related.


Affected products

Google Chrome versions before 86.0.4240.198.


Impact

These issues allow attackers to cause a program to crash, use unexpected values, or execute code on the affected system.


Solution

Google has released the security updates addressing the issue in Google Chrome version 86.0.4240.198.
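
To triage an endpoint inventory against the fixed builds named above, the following added example (not part of the original advisory or any vendor tooling) parses reported Chrome version strings and compares them numerically, since a string comparison would wrongly rank 86.0.4240.75 above 86.0.4240.198. The host names and sample strings are constructed for illustration.

```python
import re

# Fixed builds named in the advisory text above.
FIXED_16013_16017 = (86, 0, 4240, 198)
FIXED_16009 = (86, 0, 4240, 183)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_chrome_version(text):
    """Extract the four-part version from a string such as the output of
    `google-chrome --version`; return None if no version is present."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(version_text):
    """Return the patch status of one reported Chrome version string."""
    v = parse_chrome_version(version_text)
    if v is None:
        return "unknown"  # no version reported; needs manual follow-up
    if v >= FIXED_16013_16017:
        return "patched"
    if v >= FIXED_16009:
        return "missing-16013-16017"
    return "missing-16009-16013-16017"


def triage(inventory):
    """Map host -> status for every host that still needs attention."""
    pending = {}
    for host, version_text in inventory.items():
        status = classify(version_text)
        if status != "patched":
            pending[host] = status
    return pending


# Constructed sample inventory (hypothetical hosts and reported strings).
SAMPLE_INVENTORY = {
    "ws-001": "Google Chrome 86.0.4240.198 ",
    "ws-002": "Google Chrome 86.0.4240.183",
    "ws-003": "Google Chrome 86.0.4240.75",  # sorts after .198 as a string
    "ws-004": "Google Chrome 87.0.4280.66",
    "ws-005": "chrome: command not found",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}\t{status}")
```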


SanerNow detects this vulnerability and automatically fixes it by applying security updates. Download SanerNow and keep your systems updated and secure.


Publisher Name: SecPod Technologies
