Google Fixes Second Chrome Zero Day

Google released an update today for its Chrome web browser that patches ten security bugs. Google confirmed that the “stable channel” desktop Chrome browser is being updated to version 86.0.4240.183 across Windows, Mac, and Linux platforms.

About the security bugs

The Chrome team has issued updates containing several security fixes. Of these bugs, 7 are high-severity vulnerabilities, including a zero-day. The high-severity vulnerabilities fixed in this release are:

CVE-2020-16004: Use after free in the user interface.
CVE-2020-16005: Insufficient policy enforcement in ANGLE.
CVE-2020-16006: Inappropriate implementation in V8.
CVE-2020-16007: Insufficient data validation in the installer.
CVE-2020-16008: Stack buffer overflow in WebRTC.
CVE-2020-16009: Inappropriate implementation in V8.
CVE-2020-16011: Heap buffer overflow in UI on Windows.

Google reports that an exploit for CVE-2020-16009 exists in the wild. On October 20, Google also released a security update for Chrome to patch a zero-day vulnerability, CVE-2020-15999. This is the second Chrome zero-day that Google has found exploited in the wild in the past two weeks.

Remediation

The Google Chrome stable channel for desktop has been updated to 86.0.4240.183 for Windows, Mac, and Linux.

Qualys Detection

Qualys customers can scan their network with QID 373714: Google Chrome Prior To 86.0.4240.183 Multiple Vulnerabilities.
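The same "prior to 86.0.4240.183" threshold can be checked against version strings collected from hosts. The following is an added example, not Qualys or Google code; the host names and reported strings are constructed sample data, and the function names are hypothetical. It compares the four version fields numerically, because a plain string comparison ranks 86.0.4240.75 above 86.0.4240.183 and would miss an unpatched host.

```python
import re

# Fixed stable-channel version named in the advisory above.
FIXED = (86, 0, 4240, 183)

# Chrome desktop versions have four dotted numeric fields.
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_chrome_version(text):
    """Extract the four-part version from a reported version string."""
    match = _VERSION_RE.search(text)
    if match is None:
        return None
    return tuple(int(part) for part in match.groups())


def is_vulnerable(text, fixed=FIXED):
    """True if older than the fixed build, False if not, None if unparseable."""
    version = parse_chrome_version(text)
    if version is None:
        return None
    # Tuple comparison is numeric per field, so 75 < 183 as intended.
    return version < fixed


def triage(inventory):
    """Map each host to UPDATE, ok, or UNKNOWN (version could not be read)."""
    labels = {True: "UPDATE", False: "ok", None: "UNKNOWN"}
    return {host: labels[is_vulnerable(reported)]
            for host, reported in inventory.items()}


# Constructed sample inventory (assumed format: "<product> <version>").
SAMPLE = {
    "win-01": "Google Chrome 86.0.4240.75",
    "mac-02": "Google Chrome 86.0.4240.183",
    "lin-03": "Google Chrome 86.0.4240.111 ",
    "win-04": "version string missing",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as UNKNOWN should be treated as unverified rather than patched.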

References and Sources

https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html
