image credit: Unsplash

Google fixes the second zero-day in Chrome in 2 weeks actively exploited

November 3, 2020

Google has released Chrome 86.0.4240.183 for Windows, Mac, and Linux that address ten security vulnerabilities including a remote code execution (RCE) zero-day (CVE-2020-16009) exploited by threat actors in the wild.

The RCE is an inappropriate implementation in V8, which is Google’s open-source and C++ based high-performance WebAssembly and JavaScript engine.

The zero-day flaw was discovered on October 29, 2020 by Google white-hat hacker Samuel Groß of Google Project Zero and Clement Lecigne of Google’s Threat Analysis Group.

Read More on Security Affairs