Time to Update: Google Patches 2 Severe Zero-Day Chrome Vulnerabilities

A spate of zero-day attacks has hit Google’s Chrome browser in the last few weeks, and you can add two more to the list. Google released a patch this week to fix the security flaws in its browser, but we don’t know exactly what the flaws are. Unlike the last few zero-days, Google didn’t find these security holes itself. Instead, it was tipped off by anonymous third parties, and the problems are severe enough that it hasn’t released full details. Suffice it to say, you should stop putting off that update.

Google’s internal security team is constantly trying to break Chrome in order to uncover potential bugs before they become the basis for a harmful malware campaign. And indeed, Google catches a lot of glitches and pushes out patches before anyone outside the company notices. A zero-day exploit is one that Google and the developer community didn’t catch, and could therefore leave millions of machines open to attack.

We usually get details on patches in Chrome, but Google has temporarily withheld details of these latest flaws because both have been used in the wild as attack vectors. One of the flaws, CVE-2020-16013, is related to Google’s V8 JavaScript engine. The second is CVE-2020-16017, and this one is a “use after free” problem in memory management that allows code to leak out of Chrome’s Site Isolation sandbox.

Without more details, we can’t say if these bugs are any more severe than the others we’ve seen lately. However, they could have a much greater impact simply by virtue of the fact that internet ne’er-do-wells figured out how to exploit them before Google even knew there was a problem.

You’re protected as long as you’re on Chrome version 86.0.4240.198 or higher. You can check on that in Settings > Help > About Chrome. If you haven’t updated yet, you might have a nagging “update” badge at the top of Chrome right now. Just give in. These are serious bugs that are being actively used to take over computers. Granted, high-value vulnerabilities like these are usually used to target a specific set of individuals. This still isn’t a chance you want to take, and the details of these vulnerabilities won’t stay secret forever. You don’t want to be running an old version of Chrome when the details are widely known.
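If you look after more than one machine, the same version check can be run over an inventory. The following is an added example, not something from Google or the original article: it compares reported version strings against 86.0.4240.198 component by component, since a plain text comparison would wrongly rank 86.0.4240.75 above 86.0.4240.198. The hostnames and readings are constructed sample data, and the function names are hypothetical.

```python
import re

# Minimum patched build named in the article.
PATCHED = (86, 0, 4240, 198)

# Matches a four-part Chrome version anywhere in a string such as
# "Google Chrome 86.0.4240.183" (the form printed by `--version`).
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the version as a tuple of ints, or None if none is found."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_patched(text, minimum=PATCHED):
    """True if patched, False if older, None if the string is unparseable."""
    v = parse_version(text)
    return None if v is None else v >= minimum


def audit(inventory):
    """Split {host: version string} into needs-update and unknown hosts."""
    outdated, unknown = [], []
    for host, reported in sorted(inventory.items()):
        status = is_patched(reported)
        if status is None:
            unknown.append(host)   # treat as unverified, not as safe
        elif not status:
            outdated.append(host)
    return outdated, unknown


# Constructed sample inventory (hostnames and readings are made up).
SAMPLE = {
    "laptop-01": "Google Chrome 86.0.4240.198",
    "laptop-02": "Google Chrome 86.0.4240.75",  # older, though "75" > "198" as text
    "kiosk-03": "Google Chrome 87.0.4280.66",
    "desk-04": "Google Chrome 85.0.4183.121",
    "desk-05": "not installed",
}

if __name__ == "__main__":
    outdated, unknown = audit(SAMPLE)
    print("needs update:", outdated)
    print("could not determine:", unknown)
```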
