Home > Cyber News > CVE-2020-16010: Zero-Day in Chrome for Android, Patch Now
CYBER NEWS

CVE-2020-16010: Zero-Day in Chrome for Android, Patch Now

CVE-2020-16010 is yet another critical zero-day that Google recently patched. This time, affected is the Android version of the Chrome browser. The vulnerability is a heap buffer overflow in UI in Google Chrome on Android in versions prior to 86.0.4240.185.

What is CVE-2020-16010?

CVE-2020-16010 could allow a remote attacker who had compromised the renderer process to potentially perform a sandbox escape using a crafted HTML page.

Note that “Google is aware of reports that an exploit for CVE-2020-16010 exists in the wild.” In addition to the bug fix, the latest Chrome for Android release also includes stability and performance improvements.

Goole also addressed another bug in Chrome for desktop – CVE-2020-16009. This flaw is described as an inappropriate implementation flaw in V8, Chrome’s open source JavaScript engine. The bug is exploited in remote execution attacks through a crafted HTML page.

Chrome users should update their installations immediately.

Not the first zero-day exploited this year

Earlier this month, security researchers disclosed information about CVE-2020-15999, another zero-day bug in Chrome which was actively exploited. This zero-day is a type of memory-corruption vulnerability, known as heap buffer overflow in FreeType, an open-source development library for rendering fonts included in standard Chrome distributions.

The flaw was discovered by Google Project Zero’s security researcher Sergei Glazunov on October 19. What is more, CVE-2020-15999 is the third zero-day exploited in attacks in the past year. CVE-2019-13720 was spotted in October 2019, and CVE-2020-6418 – in February 2020. CVE-2019-13720 was a use-after-free issue, related to memory corruption, whereas CVE-2020-6418 was a type confusion vulnerability.

Milena Dimitrova

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Leave a Comment

Your email address will not be published. Required fields are marked *

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...