Android smartphone users are advised to update Chrome to version 86.0.4240.185 or later.
Google has released security updates for the Chrome for Android browser to fix a zero-day vulnerability that is currently exploited in the wild. Chrome for Android version 86.0.4240.185 was released last night with fixes for CVE-2020-16010, a heap buffer overflow vulnerability in the Chrome for Android user interface (UI) component. Google said the bug was exploited to allow attackers to bypass and escape the Chrome security sandbox on Android devices and run code on the underlying OS. Details about the attack are not public to give Chrome users more time to install the updates and prevent other threat actors from developing exploits for the same zero-day. Google credited its internal Threat Analysis Group (TAG) team for discovering the Chrome for Android zero-day attacks.
