Two Zero-days in Google Chrome

On November 11, 2020, Google published an update announcement for the Chrome browser across all desktop platforms. Google confirmed that the “stable channel” desktop Chrome browser is being updated to version 86.0.4240.198 on Windows, Mac, and Linux. According to Google’s official sources, this urgent update will roll out over the coming days and weeks.

About the security bugs

The Chrome team has issued several security fixes in the past month. Both of the security bugs below are high-severity vulnerabilities.

  1. CVE-2020-16013: Inappropriate implementation in V8

    The vulnerability allows remote attackers to compromise the affected system. Attackers can create a specially crafted web page, trick the victim into visiting it, and compromise the system.

  2. CVE-2020-16017: Use after free in site isolation

    The vulnerability exists due to a use-after-free error within the site isolation component in Google Chrome. Attackers can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error, and execute arbitrary code on the target system.

Google is aware that an exploit for CVE-2020-16013 and CVE-2020-16017 exists in the wild.

Remediation

Google Chrome Stable Channel Update for Desktop has been updated to 86.0.4240.198 for Windows, Mac and Linux.

Qualys Detection

Qualys customers can scan their network with QID 373998: Google Chrome Prior To 86.0.4240.198 Multiple Vulnerabilities.
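The detection condition above is simply "installed build older than 86.0.4240.198". As an added example (not Qualys or Google code), the check below reproduces that condition over a constructed host inventory; it compares version fields numerically, because a plain string comparison would wrongly rank a build such as 86.0.4240.99 above the fixed release.

```python
"""Flag Chrome builds older than the fixed release 86.0.4240.198.

Version strings are compared numerically, field by field: a plain
string comparison would rank "86.0.4240.99" above "86.0.4240.198"
and miss an affected build.
"""
from typing import Dict, Tuple

FIXED_VERSION = "86.0.4240.198"  # fixed build named in the Chrome release note


def parse_version(version: str) -> Tuple[int, ...]:
    """Split a dotted Chrome version into a tuple of ints for comparison."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed build is strictly older than the fixed build."""
    return parse_version(installed) < parse_version(fixed)


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each host to 'update' or 'ok' given a host -> version inventory."""
    return {host: ("update" if is_vulnerable(ver) else "ok")
            for host, ver in inventory.items()}


# Constructed sample inventory: hostnames and version strings are made up.
SAMPLE_INVENTORY = {
    "ws-01": "86.0.4240.183",  # older build in the 86.0.4240 line, affected
    "ws-02": "86.0.4240.198",  # exactly the fixed build
    "ws-03": "86.0.4240.99",   # lexically "greater" than .198, still affected
    "ws-04": "87.0.4280.66",   # newer build, not affected
}

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {SAMPLE_INVENTORY[host]} -> {verdict}")
```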

References and Sources

https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_11.html
