Earlier this week, Google released an update addressing three security bugs, including a zero-day vulnerability. According to Google, the vulnerability was being actively exploited in the wild. The tech giant has patched the zero-day bug, which is tied to memory corruption, but has kept the details hidden. The update does not explicitly state whether the vulnerability was being used against Chrome users.
For now, all we know is that the issue was discovered last week by Clement Lecigne, a member of Google’s Threat Analysis Group. This division investigates and tracks threat actor groups.
Found and analyzed with a lot of help from @5aelo and Sergei. https://twitter.com/anttitikkanen/status/1232070933063577600
Antti Tikkanen (@anttitikkanen): Latest Chrome update patches CVE-2020-6418, 0day found in the wild by @_clem1: https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html?m=1
The patches for this bug have been released as part of Chrome version 80.0.3987.122. This update is currently available for Windows, Mac, and Linux users, but not for Chrome OS, iOS, or Android.
Looking back, this is the third Chrome zero-day bug that was exploited. The first patch was released in March last year and the second in November.