New Delhi: Tech giant Google is asking Android smartphone users to update the Chrome browser after it patched a Zero-Day bug in Chrome.
The bug was reportedly exploited to allow attackers to bypass and escape the Chrome security sandbox on Android devices and run code on the underlying Operating System.
Google has also released security updates for the Chrome for Android browser to fix the Zero-Day vulnerability.
This is the third Chrome Zero-Day that has been discovered by the Google Threat Analysis Group (TAG) team in the past two weeks. The first two Zero-Days affected only Chrome for desktop versions.
“Chrome for Android version 86.0.4240.185 was released last night with fixes for the vulnerability dubbed as CVE-2020-16010,” a ZDNet report has said.
While the three zero-days are all different from each other, Google did not clarify if all zero-days are exploited by the same hacking group.
Late last month, a team of Google security researchers revealed a zero-day vulnerability in the Microsoft Windows operating system that is under active exploitation.
What is a Zero-Day vulnerability?
A Zero-Day (also known as 0-day) vulnerability is a computer-software vulnerability that is unknown to those who should be interested in mitigating the vulnerability (including the vendor of the target software). According to Google project Zero technical lead Ben Hawkes, the zero-day vulnerability is expected to be patched on November 10. The zero-day bug in the Windows kernel can be exploited to elevate an attacker’s code with additional permissions.
Meanwhile, on November 2, Google had written that it was aware of reports that an exploit for CVE-2020-16009 exists in the wild.
“We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel,” Google wrote in its blog.