Google developers have released an update for the Chrome browser that fixes three security issues, including a zero-day vulnerability that is already used by hackers. The updated version of Chrome 90.0.3987.122 is available for users of Windows, Mac and Linux, but not yet for Chrome OS, iOS and Android.
The zero-day fixed vulnerability received the identifier CVE-2020-6418 and is described as type confusion in the V8 JavaScript engine.
It is not yet known which campaign this issue was involved in, it is only reported that the attacks were detected last week, February 18, 2020, by Clement Lecigne, a member of the Google Threat Analysis Group.
It is worth noting that this is the third 0-day vulnerability in Chrome in the last year, which was fixed after the attack began. So, the first zero-day problem (CVE-2019-5786) was fixed in March 2019 as part of Chrome 72.0.3626.121, and the second problem (CVE-2019-13720) was fixed in November 2019 as part of Chrome 78.0.3904.8.
