Heads up, Android users! A new zero-day has just received a fix from Google with the latest Chrome for Android update. If you have Chrome for Android browser running on your devices, make sure to update it now.
Google Chrome for Android Zero-Day
Researchers from the Google security team have disclosed one more zero-day vulnerability affecting Chrome. This time, however, it isn’t the usual desktop Chrome browser. Rather, it’s the Chrome for Android that has the zero-day.
As per their standard, Google hasn’t disclosed any details about the vulnerability yet. That is to facilitate the majority of the users to update their devices before going public with the details.
Presently, all they disclosed is the existence of a “Heap buffer overflow in UI on Android”, CVE-2020-16010. It’s a high-severity bug that caught the attention of Maddie Stone, Mark Brand, and Sergei Glazunov of Google Project Zero in late October.
Google has admitted the active exploitation of the bug. It means the vulnerability has already attracted the attention of cybercriminals before receiving a fix. For now, it remains unclear how the adversaries are exploiting the flaw.
Google is aware of reports that an exploit for CVE-2020-16010 exists in the wild.
Anyhow, Google has fixed the vulnerability with the release of Chrome 86 (86.0.4240.185) for Android. The stable release came out on November 2, 2020, and will gradually reach the users.
Keep Chrome Updated On All Devices
While the update would automatically reach the devices, users can still check for the update manually to ensure patching their devices at the earliest.
This one marks the first zero-day in Chrome for Android, and the third in a row affecting Chrome and receiving a fix within weeks.
So, all in all, lots of zero-day bugs have surfaced online during the past few weeks. And, to be precise, users need to keep the Chrome browsers running on their desktops and smartphones up-to-date.