Google released version 86.0.4240.198 of the Chrome browser for Windows, Mac, and Linux operating systems in order to address security vulnerabilities that have been exploited.
Google is asking users to update their browsers again after two vulnerabilities were identified that allow an unauthenticated remote attacker to compromise an affected system over the web.
The discovery brings the number of actively exploited vulnerabilities found in Chrome during the past three weeks to five.
The company did not provide any information about the attacks that exploited the vulnerabilities or the threat actors behind the attacks.
Google said: "Access to bug details and links may be restricted until the majority of users are updated with a fix."
It added: "We also keep restrictions in case the bug is in a third-party library that other projects rely on and haven't fixed yet."
A remote attacker can exploit CVE-2020-16017 by creating a specially crafted webpage, tricking the victim into visiting it, triggering the flaw, and executing arbitrary code on the target system.
Meanwhile, a remote attacker can exploit CVE-2020-16013 by creating a specially crafted webpage, tricking the victim into visiting it, and then compromising the system.
Google has fixed five exploited vulnerabilities since October 20. Version 86.0.4240.111 fixed the actively exploited CVE-2020-15999 in the FreeType library, which was discovered by Google's bug research team, Project Zero.
Version 86.0.4240.183 fixed another exploited remote code execution vulnerability, CVE-2020-16009, and also fixed the CVE-2020-16010 vulnerability in the Chrome browser for Android devices.
Project Zero researchers also revealed the exploitation of CVE-2020-17087 to escalate privileges in the Windows kernel; the flaw affects systems running Windows 7 or later and is being actively exploited in targeted attacks.