Google Chrome Actively Attacked In the Wild

On October 20, 2020, Google announced an update for the Chrome browser across all platforms. Google confirmed that the “stable channel” desktop Chrome browser is being updated to version 86.0.4240.111 across Windows, Mac, and Linux platforms. According to Google’s official sources, this urgent update will start rolling out over the coming days or weeks.

About the security bugs

The Chrome team has issued updates for several security fixes in the past month. Of these security bugs, 4 are high-severity vulnerabilities, including a zero-day, and 1 is medium severity.

1. CVE-2020-16000: Inappropriate implementation in Blink.

2. CVE-2020-16001: Use after free in media.

3. CVE-2020-16002: Use after free in PDFium.

4. CVE-2020-15999: Heap buffer overflow in Freetype.

5. CVE-2020-16003: Use after free in printing. (Medium severity)

Google is aware that an exploit for CVE-2020-15999 exists in the wild.

Remediation

The Google Chrome stable channel for desktop has been updated to 86.0.4240.111 for Windows, Mac and Linux.

Qualys Detection

Qualys customers can scan their network with QID 373544: Google Chrome Prior To 86.0.4240.111 Multiple Vulnerabilities.
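The same "prior to 86.0.4240.111" comparison can be run over version strings collected from endpoints. The script below is an added example, not Qualys or Google code; the host names and sample version strings are constructed. It compares the four version fields numerically, because a plain string comparison ranks 86.0.4240.75 above 86.0.4240.111.

```python
import re

# Fixed version named in the advisory above.
FIXED = (86, 0, 4240, 111)

# Chrome versions are four dot-separated integers (MAJOR.MINOR.BUILD.PATCH).
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a 4-part Chrome version from text such as the output of
    `google-chrome --version`; return a tuple of ints, or None if absent."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_vulnerable(text):
    """True if the version in `text` is older than the fixed build.
    Raises ValueError when no version can be parsed, so hosts with
    unreadable output are never silently counted as patched."""
    v = parse_version(text)
    if v is None:
        raise ValueError(f"no Chrome version found in {text!r}")
    return v < FIXED  # tuple comparison is numeric, field by field


def triage(inventory):
    """Split {host: version_string} into (vulnerable, patched, unknown)."""
    vulnerable, patched, unknown = [], [], []
    for host, raw in sorted(inventory.items()):
        try:
            (vulnerable if is_vulnerable(raw) else patched).append(host)
        except ValueError:
            unknown.append(host)
    return vulnerable, patched, unknown


# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE = {
    "ws-01": "Google Chrome 86.0.4240.75",
    "ws-02": "Google Chrome 86.0.4240.111",
    "ws-03": "Google Chrome 85.0.4183.121",
    "ws-04": "Google Chrome 87.0.4280.66",
    "ws-05": "command not found",
}

if __name__ == "__main__":
    for label, hosts in zip(("vulnerable", "patched", "unknown"), triage(SAMPLE)):
        print(f"{label}: {hosts}")
```

Hosts in the unknown list need a manual check rather than being assumed patched.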

References and Sources

https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html
