Google rolled out an update last week for its Chrome web browser that fixes a range of security flaws, including four that have been classified as highly severe. The vulnerabilities affect the Windows, macOS, and Linux versions of the popular browser.
As is common, details about the security loopholes are not openly shared by the tech titan until most users have had a chance to update their browsers to the newest version, mitigating the chance of the flaws being exploited by threat actors.
Three of the high-severity vulnerabilities are use-after-free flaws. The first, indexed as CVE-2020-16037, affects Chrome’s clipboard component. The second, tracked as CVE-2020-16038, resides in Chrome’s media component. The third, CVE-2020-16039, affects the browser’s extensions component. The fourth high-severity vulnerability, labelled CVE-2020-16040, is an insufficient data validation bug in the V8 JavaScript engine.
The update fixes a total of eight vulnerabilities, with Google specifically listing six whose fixes were contributed by external researchers. Besides the four high-severity bugs mentioned above, the tech giant also disclosed two more flaws, both of which are ranked as medium in severity.
The Cybersecurity and Infrastructure Security Agency (CISA) issued a security advisory urging users and system administrators to update their browser, saying, “Google has released Chrome version 87.0.4280.88 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.”
Considering the disclosed vulnerabilities, users would do well to update their browsers to the latest version (87.0.4280.88) as soon as practicable. If you have automatic updates enabled, your browser should update by itself. You can also manually update your browser by visiting the About Google Chrome section, which can be found under Help in the menu bar.
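For administrators checking many machines against the fixed build, the following is an added example (not part of the original article) that classifies reported Chrome version strings relative to 87.0.4280.88. The host names and sample strings are constructed, shaped like the output of `google-chrome --version` on Linux.

```python
import re

# Fixed build named in the article and in the CISA advisory.
FIXED = (87, 0, 4280, 88)

# Chrome versions have four dot-separated numeric components.
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(text, fixed=FIXED):
    """Return 'patched', 'outdated' or 'unknown' for one reported string."""
    v = parse_version(text)
    if v is None:
        return "unknown"  # no parsable version: needs a manual check
    # Tuples compare numerically per component; comparing the raw strings
    # would wrongly rank 87.0.4280.141 below 87.0.4280.88.
    return "patched" if v >= fixed else "outdated"


def audit(inventory):
    """Return (status per host, sorted hosts that are not confirmed patched)."""
    status = {host: classify(raw) for host, raw in inventory.items()}
    needs_action = sorted(h for h, s in status.items() if s != "patched")
    return status, needs_action


# Constructed sample inventory (hypothetical hosts and values).
SAMPLE = {
    "ws-01": "Google Chrome 87.0.4280.88 ",
    "ws-02": "Google Chrome 87.0.4280.66 ",
    "ws-03": "Google Chrome 87.0.4280.141 ",
    "ws-04": "Google Chrome 86.0.4240.198 ",
    "ws-05": "command not found",
}

if __name__ == "__main__":
    status, needs_action = audit(SAMPLE)
    for host in sorted(status):
        print(f"{host}: {status[host]}")
    print("needs update or manual check:", ", ".join(needs_action))
```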
Over the past few months, Google released a bumper crop of patches fixing five zero-day vulnerabilities in total.