Google has patched a zero-day vulnerability in Chrome that is being exploited in the wild. The new patch is a part of the latest Chrome update that carries version 80.0.3987.122 for Windows, Mac, and Linux users, the search giant revealed through a blog post. The update is the third in the series of zero-day fixes that Google has brought in the past year. The first zero-day vulnerability was discovered and patched in March last year. It was a part of the Chrome version 72.0.3626.121.
Antti Tikkanen of Google's Threat Analyst Group posted a tweet on Tuesday to announce the patching of the zero-day vulnerability that is tracked under CVE-2020-6418. The Chrome team also separately mentioned in the blog post that the vulnerability was reported by Clement Lecigne of Google's Threat Analysis Group on February 18.
It is unclear whether any malicious parties leveraged the security loophole to affect Chrome users. However, the vulnerability has been described as a “type confusion in V8.”
The Chrome version 80.0.3987.122 that includes the fix for the newly discovered zero-day flaw is available for download for Windows, Mac, and Linux users. The update also contains fixes for two other vulnerabilities that had “high” severity.
In March last year, Google patched the zero-day flaw listed as CVE-2019-5786 that was also reported by Clement Lecigne of the Threat Analysis Group. The second zero-day vulnerability that the search giant fixed in the last one year was tracked by an identifier of CVE-2019-13720 that was patched in November.