A critical V8 Zero-day vulnerability in Chrome is actively exploited

Buzz

Ngày cập nhật gần nhất: 15/4/2026

All Chrome users should install the latest browser update, version 86.0.4240.183 on PC and version 86.0.4240.185 on Android as soon as possible. The updates have patched several security flaws, including 2 Zero-day vulnerabilities actively exploited by hackers.

In recent weeks, Google has been busy patching several actively exploited security vulnerabilities in its Chrome browser. The latest vulnerability exploits a weakness in the V8 JavaScript engine of the desktop version to carry out RCE attacks. Another issue on Chrome for Android is a Sandbox Escape vulnerability.

Update to the latest Chrome version to fix the V8 Zero-day vulnerability

Researchers from Google's Threat Analysis Group (TAG) and Project Zero recently uncovered a Zero-day vulnerability (CVE-2020-16009). On Monday, Google released Chrome 86.0.4240.183 for Windows, macOS, and Linux to address this issue.

How Dangerous is a Zero-Day Vulnerability?
Cyber attackers write code targeting specific security vulnerabilities. They package this code into malware known as Zero-day vulnerabilities. Malware exploits Zero-Day vulnerabilities to unauthorizedly access computer systems, mobile devices, and perform unintended actions, such as installing malware that may corrupt files or access contact lists to send spam or junk mail from user accounts, even installing spyware to steal sensitive information from users' computers, devices.

Read more: What is a Zero-Day Vulnerability?

The patch notes do not disclose details about the security vulnerability other than saying it relates to 'inappropriate deployment' in the JavaScript V8 extraction tool. They also mention that the vulnerability has been actively exploited.

Ben Hawkes, the technical lead of Google Project Zero, tweeted that this vulnerability allows attackers to conduct Remote Code Execution (RCE) attacks. Hawkes also mentioned a significant update for the Chrome version for Android, fixing a 'sandbox escape' bug on Android phones (CVE-2020-16010).

These two Zero-day vulnerabilities emerged right after Google addressed two other issues.

Hacker News reported CVE-2020-15999, a Buffer overflow bug in the Freetype font package that was actively exploited just two weeks ago. Another vulnerability (CVE-2020-17087) found over the weekend caused a buffer overflow in the Windows Kernel Cryptography Driver, resulting in a Sandbox Escape vulnerability. It was also actively exploited.

Update 86.0.4240.183 also includes several other high-priority security patches. Google advises users to update Chrome on both Android and desktop immediately.

Read more: How to Update to the Latest Version on Chrome

Download and update the latest version on PC, Android, iOS:

WhatsApp social media users will soon have access to a new storage management tool, making it easier to clean up GIF animations and spam messages.

Read more: WhatsApp helps tidy up GIFs and spam more easily with new storage management tool

Mytour's content is for customer care and travel encouragement only, and we are not responsible.

For errors or inappropriate content, please contact us at: [email protected]