Google Chrome latest update fixes major flaw hackers have been ‘actively’ exploiting

Google Chrome fans shouldn’t delay in making sure their browser is up to date if they want to stay as safe as possible when surfing the net. This week the Mountain View firm pushed out its latest version of Chrome – 86.0.4240.183 – which brings a total of 10 security fixes. Six of these vulnerabilities have been rated as high risk, with reports that one of them was being actively exploited by hackers on the desktop version of the market-leading browser.

The vulnerability in question is CVE-2020-16009, which, if exploited, could let hackers remotely run nefarious code on a victim’s machine.

Google highlighted the security fixes that the latest Chrome patch brings to the table in a blog post at the start of the week.

In it, Google’s Prudhvikumar Bommana said: “The stable channel has been updated to 86.0.4240.183 for Windows, Mac & Linux which will roll out over the coming days/weeks.

“This update includes 10 security fixes. Google is aware of reports that an exploit for CVE-2020-16009 exists in the wild.

“We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.”

Google also highlighted the rewards that were handed out to security researchers who contributed fixes, with prizes of $15,000, $5,000 and $1,000 awarded.

In a separate post online, Google also red-flagged a sandbox escape bug discovered in the Android version of Chrome, which is reportedly being actively exploited.

Google said it was withholding the technical details of both bugs until the patches addressing them have been fully rolled out.

Ben Hawkes, Google’s Project Zero technical lead, took to Twitter to post about these two vulnerabilities.

Hawkes wrote: “Today Chrome fixed two more vulnerabilities that were being actively exploited in the wild (discovered by Project Zero/Google TAG last week).

“CVE-2020-16009 is a v8 bug used for remote code execution, CVE-2020-16010 is a Chrome sandbox escape for Android.”

In other hacking news, Express.co.uk recently reported that cyber crooks have been targeting Google Drive – a Google product they typically haven’t given much attention to before.

Last week it was revealed that cyber crooks managed to exploit a flaw in Google Drive to direct users to phishing scams.

The latest con sees what looks like legitimate and authentic Google Drive alerts being pushed out to unsuspecting users.

These alerts seem real enough, as the e-mails or push notifications appear to have been sent by Google itself.

And the authentic-looking nature of these messages could lead to Google Drive users being caught off guard and falling for scams they wouldn’t usually be tricked by.

Speaking about the threat, Kaspersky’s David Emm said: “It’s difficult for Google to do anything if the notification is coming from a legitimate account; which is, of course, easy to create.

“Avoid clicking on unsolicited links of any kind when sent from unknown sources. If you weren’t expecting to receive it and don’t know the sender, don’t respond.”
