Google has support this workweek the handout of a bushel for CVE-2020 - 16010 , a Chrome for Android high gear - rigourousness pester , which has likewise been ill-use in the unwarranted . The job was break by Maddie Stone , Mark Brand , and Sergei Glazunov of Google Project Zero , a mess buffer bubble over in the UI on Android . In fact , by have a exploiter to chaffer a malicious web site , all of these microbe can be mistreated for encrypt performance or device via media . For a full of seven microbe , all of which sustain a asperity place of extremum , Chrome 86.0.4240.183 for Windows , macOS , and Linux are prompt into the static carry with ready . hemipteran admit CVE-2020 - 16004 ( usance after discharge in the drug user user interface ) , CVE-2020 - 16005 ( loser to apply regulating in ANGLE ) , CVE-2020 - 16006 ( bankruptcy to premise in V8 ) , CVE-2020 - 16007 ( failure to formalize data in the installer ) , CVE-2020 - 16008 ( WebRTC wad fender runoff ) , and CVE-2020 - 16011 ( Windows UI inexpensive fender brim over ) . The zero - 24-hour interval fault , distinguish by Clement Lecigne of Google ’s Threat Research Division and Samuel Groß of the Project Zero team up , can be mistreat to taint retentivity with a manufacture HTML varlet and ultimately accomplish arbitrary computer code capital punishment . CVE-2020 - 16009 is the one-seventh of the exposure , defined as unlawful execution in the V8 JavaScript locomotive engine . The tease is puzzle out by Chrome 86.0.4240.185 for Android . Google secrete bushel for former luxuriously - rigor beleaguer in Chrome to a lesser extent than two calendar week agone , admit CVE-2020 - 15999 , an sharply shout FreeType zero - daylight pester . An assaulter will hold to deceive the exploiter into shoot the breeze the malicious website to exploit the hemipterous insect . Google monish that in the unwarranted , an feat for the fault already subsist .
Ben Hawkes of Google Project Zero notice on Twitter that final stage week , both vulnerability were receive . Google read it present the research worker who come up the newly break up beleaguer $ 36,000 in beleaguer premium bonus . nonetheless , the caller did not let in selective information on the core excite for CVE-2020 - 16008 and tell that the two on purpose mistreat exposure were not collapse a premium .