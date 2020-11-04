Among the various subsidiaries and teams under the aegis of Google, Project Zero is among the most interesting. This is a digital security team of white hat hackers who work hard to find loopholes in the most diverse services on the internet so that fixes can be developed quickly.

The team has worked with Samsung on its Android distribution before and even with Apple and macOS, and this week has been tasked with fixing flaws in one of the search giant’s most important services.

For the third time in a row in two weeks, Project Zero has fixed zero-day security vulnerabilities in Google Chrome, so-called when they have already been exploited by criminals. The announcement was made by Ben Hawkes, head of Google’s virtual security team through his Twitter account.

A few people noticed that CVE-2020-16010 was not included in the link above. This is because Chrome has separate release notes for the desktop and Android. The release notes covering CVE-2020-16010 (sandbox escape for Chrome on Android) are now available here: https://t.co/6hBKMuCAaK

– Ben Hawkes (@benhawkes) November 3, 2020

In total, two flaws have been fixed, one in Chrome for the desktop and the other in the company’s browser for Android. On computers, bug CVE-2020-16009 allowed remote code execution on V8, Chromium’s custom JavaScript engine. In mobile phones, the CVE-2020-16010 error allowed malicious code to run outside of the sandbox environment, which is used precisely to prevent such invasions.

Hawkes did not give more details on the security holes, so it is not known how long these holes are exploited, neither those responsible nor affected. Since the fixes have already been released via updates, it is recommended that you update your Chrome as soon as possible.

