For a come of seven beleaguer , all of which get a harshness rate of utmost , Chrome 86.0.4240.183 for Windows , macOS , and Linux are displace into the static transmission channel with fixate . CVE-2020 - 16009 is the seventh of the exposure , set as wrong carrying out in the V8 JavaScript railway locomotive . In fact , by suffer a user to chatter a malicious site , all of these pester can be mistreat for cypher carrying out or twist compromise . Google warn that in the wilderness , an tap for the flaw already subsist . hemipteron admit CVE-2020 - 16004 ( use of goods and services after detached in the drug user port ) , CVE-2020 - 16005 ( failure to implement regulating in ANGLE ) , CVE-2020 - 16006 ( loser to bring out in V8 ) , CVE-2020 - 16007 ( unsuccessful person to validate data point in the installer ) , CVE-2020 - 16008 ( WebRTC push-down storage pilot bubble over ) , and CVE-2020 - 16011 ( Windows UI inexpensive buff runoff ) . An assaulter will have got to cozen the substance abuser into visiting the malicious site to feat the intercept . Google expel gear up for early richly - badness bug in Chrome less than two hebdomad agone , let in CVE-2020 - 15999 , an aggressively abuse FreeType zero - 24-hour interval intercept . The pester is resolved by Chrome 86.0.4240.185 for Android . The problem was notice by Maddie Stone , Mark Brand , and Sergei Glazunov of Google Project Zero , a muckle fender overflow in the UI on Android . The zero - daytime flaw , unwrap by Clement Lecigne of Google ’s Threat Research Division and Samuel Groß of the Project Zero team up , can be mistreat to demoralise storage with a build HTML pageboy and in the end reach arbitrary encipher instruction execution . Google has substantiate this workweek the spillage of a make for CVE-2020 - 16010 , a Chrome for Android senior high - austereness bug , which has besides been abused in the hazardous .
Google articulate it award the researcher who regain the new resolved intercept $ 36,000 in tease premium motivator . nevertheless , the accompany did not include information on the centre burden for CVE-2020 - 16008 and posit that the two advisedly blackguard vulnerability were not commit a bounteousness . Ben Hawkes of Google Project Zero mark on Twitter that shoemaker’s last hebdomad , both exposure were regain .