Google Chrome for Android Gets a Zero-Day Vulnerability Fix Following Two Patches on Desktop Version
Google Chrome for Android version 86.0.4240.185 has been rolled out with the latest security fix.
- Google Chrome for Android update also includes performance improvements
- The zero-day issue has been identified as CVE-2020-16010
- Google Chrome for desktop received a zero-day fix just earlier this week
Google Chrome for Android users are recommended to quickly install the latest update
Google has released a new Chrome for Android update to fix a zero-day flaw that is currently exploited in the wild. The new update arrives just days after Google fixed two zero-day vulnerabilities in the desktop version of its Chrome browser. Details related to the attack are not yet public as a majority of Chrome for Android users are yet to install the update. Alongside the security fixes that include those rolled out initially for desktop users, the latest Chrome update also includes stability and performance improvements.
The latest Chrome for Android update carries version number 86.0.4240.185 that includes fixes for a heap buffer overflow vulnerability, listed as CVE-2020-16010. The issue exists in the user interface (UI) component of the Web browser.
“Google is aware of reports that an exploit for CVE-2020-16010 exists in the wild,” the company said in a blog post.
Google's Project Zero team reported the highly severe vulnerability on October 31. Further, the Threat Analysis Group (TAG) at Google, responsible for tracking threat actors, has been credited for discovering the zero-day attacks related to Chrome for Android.
Details of the bug and its exploit are not yet revealed as the update is currently in its rollout process. However, Google said that the new version would become available for download through Google Play over the next few weeks.
Earlier this week, Google rolled out a security update for its Chrome browser on desktops that patched a zero-day vulnerability, tracked as CVE-2020-16009, that existed in JavaScript engine V8.
Prior to the last update, Google patched another zero-day issue affecting its Chrome desktop version last month. That vulnerability, identified as CVE-2020-15999, impacted the FreeType font rendering library of the browser.
It is unclear whether the three zero-day bugs discovered in the last one month are exploited by a single threat actor or multiple groups. Having said that, users on both Android and desktop versions of the Chrome browser are recommended to install the latest updates as soon as they are available.
Is Android One holding back Nokia smartphones in India? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts, Google Podcasts, or RSS, download the episode, or just hit the play button below.
For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.