Google today released a Chrome update to fix three security bugs, including a zero-day vulnerability that is being actively exploited in the wild.
Details about these attacks are not yet public, and we don't know how this bug is being used against Chrome users.
All we know is that the attacks were discovered last week, on February 18, by Clement Lecigne, a member of Google's Threat Analysis Group, a division at Google that investigates and tracks threat actor groups.
Patches for this zero-day have been released as part of Chrome version 80.0.3987.122. The update is available for Windows, Mac, and Linux users, but not for Chrome OS, iOS, or Android.
The zero-day is tracked as CVE-2020-6418 and is described only as a "type confusion in V8."
A type confusion is a coding bug in which an app starts operating on input as one specific "type" but is tricked into treating that input as a different "type."
The confusion causes logic errors in how the app handles memory and can lead to situations where an attacker can run unrestricted malicious code inside the application.
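To make the type confusion described above concrete, here is an added C example; it is not code from V8, Chrome, or the article, and says nothing about how CVE-2020-6418 itself works. The `Value` type, the buffer table and every function name are constructed for illustration, and the printed bit pattern assumes IEEE 754 doubles.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sketch of a dynamically typed value; not V8 code. */
typedef enum { KIND_NUMBER, KIND_BUFFER } Kind;

typedef struct {
    Kind kind;                 /* runtime type tag */
    union {
        double   number;       /* valid when kind == KIND_NUMBER */
        uint64_t buf_index;    /* valid when kind == KIND_BUFFER */
    } as;
} Value;

#define BUF_COUNT 4
static const size_t buf_sizes[BUF_COUNT] = { 16, 32, 64, 128 };

Value make_number(double d)   { Value v; v.kind = KIND_NUMBER; v.as.number = d; return v; }
Value make_buffer(uint64_t i) { Value v; v.kind = KIND_BUFFER; v.as.buf_index = i; return v; }

/* Confused path: assumes every Value is a buffer and never looks at the tag.
   For a number, the double's bit pattern is reinterpreted as an index. */
uint64_t buffer_index_unchecked(const Value *v) {
    return v->as.buf_index;
}

/* Checked path: verifies the tag, then the range, before using the index.
   Returns 0 and stores the size on success, -1 on a type or range error. */
int buffer_size_checked(const Value *v, size_t *out) {
    if (v->kind != KIND_BUFFER) return -1;
    if (v->as.buf_index >= BUF_COUNT) return -1;
    *out = buf_sizes[v->as.buf_index];
    return 0;
}

int main(void) {
    Value n = make_number(1.0);
    size_t size = 0;
    printf("unchecked index from number 1.0: 0x%llx\n",
           (unsigned long long)buffer_index_unchecked(&n));
    printf("checked call on number: %d\n", buffer_size_checked(&n, &size));
    return 0;
}
```

The unchecked accessor turns the harmless number 1.0 into an index far outside the four-entry table, which is the kind of logic error the tag and range checks in the second accessor reject.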
Third Chrome zero-day in the past year
This is the third Chrome zero-day that has been exploited in the wild in the past year.