Home > Cyber News > CVE-2020-16010: Zero-Day in Chrome for Android, Patch Now
CYBER NEWS

CVE-2020-16010: Zero-Day in Chrome for Android, Patch Now

by   |  Last Update:  |  0 Comments  

CVE-2020-16010 is yet another critical zero-day that Google recently patched. This time, affected is the Android version of the Chrome browser. The vulnerability is a heap buffer overflow in UI in Google Chrome on Android in versions prior to 86.0.4240.185.

What is CVE-2020-16010?

CVE-2020-16010 could allow a remote attacker who had compromised the renderer process to potentially perform a sandbox escape using a crafted HTML page.

Note that “Google is aware of reports that an exploit for CVE-2020-16010 exists in the wild.” In addition to the bug fix, the latest Chrome for Android release also includes stability and performance improvements.

Goole also addressed another bug in Chrome for desktop – CVE-2020-16009. This flaw is described as an inappropriate implementation flaw in V8, Chrome’s open source JavaScript engine. The bug is exploited in remote execution attacks through a crafted HTML page.

Chrome users should update their installations immediately.

Not the first zero-day exploited this year

Earlier this month, security researchers disclosed information about CVE-2020-15999, another zero-day bug in Chrome which was actively exploited. This zero-day is a type of memory-corruption vulnerability, known as heap buffer overflow in FreeType, an open-source development library for rendering fonts included in standard Chrome distributions.

The flaw was discovered by Google Project Zero’s security researcher Sergei Glazunov on October 19. What is more, CVE-2020-15999 is the third zero-day exploited in attacks in the past year. CVE-2019-13720 was spotted in October 2019, and CVE-2020-6418 – in February 2020. CVE-2019-13720 was a use-after-free issue, related to memory corruption, whereas CVE-2020-6418 was a type confusion vulnerability.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Related posts:
  1. Adobe Patches 112 Vulnerabilities in Latest Patch Package (CVE-2018-5007) Adobe has released the latest patch package that addresses a...
  2. Google’s Latest Android Security Update Fixes 47 Vulnerabilities Google has delivered their last and probably final Android update...
  3. CVE-2020-15999: FreeType Zero-Day Bug in Chrome Exploited in the Wild Are you running the latest version of Google Chrome (currently...
  4. June 2020 Patch Tuesday: Biggest Update in the History of Microsoft June 2020 Patch Tuesday is Microsoft’s biggest so far, containing...
  5. Which is the Most Secure Browser for 2020 – Chrome, Firefox, Edge, Safari? MARKET SHARE SECURITY RATING UPDATES FREQUENCY SECURITY PLUGINS SECURITY FEATURES...
  6. Blackrock Trojan Is a Android Malware Believed to Be Descendant from Lokibot The BlackRock Trojan is one of the newest Android Trojans...
  7. New Critical Bugs in Firefox, Chrome and Edge (CVE-2020-16044) Users should patch several new browser vulnerabilities affecting Chrome, Firefox,...
  8. iOS CVE-2021-30807 Zero-Day Exploited in the Wild, Patch Now A zero-day vulnerability in iOS, iPadOS, and macOS was just...

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree