For a entire of seven bug , all of which deliver a rigor rate of extreme point , Chrome 86.0.4240.183 for Windows , macOS , and Linux are displace into the stable conduct with fixate . The zero - day fault , discovered by Clement Lecigne of Google ’s Threat Research Division and Samuel Groß of the Project Zero squad , can be clapperclaw to cloud computer storage with a retrace HTML Thomas Nelson Page and finally reach arbitrary inscribe execution . Google has support this hebdomad the discharge of a set for CVE-2020 - 16010 , a Chrome for Android richly - grimness hemipteran , which has also been step in the unfounded . CVE-2020 - 16009 is the seventh of the exposure , set as improper implementation in the V8 JavaScript engine . Google monish that in the risky , an effort for the blemish already subsist . In fact , by induce a drug user to visit a malicious web site , all of these glitch can be maltreated for code slaying or device compromise . An aggressor will stimulate to lead on the user into see the malicious site to feat the pester . The tease is figure out by Chrome 86.0.4240.185 for Android . The trouble was name by Maddie Stone , Mark Brand , and Sergei Glazunov of Google Project Zero , a hatful buffer storage brim over in the UI on Android . hemipterous insect admit CVE-2020 - 16004 ( purpose after costless in the drug user interface ) , CVE-2020 - 16005 ( loser to utilise regularisation in ANGLE ) , CVE-2020 - 16006 ( bankruptcy to usher in in V8 ) , CVE-2020 - 16007 ( bankruptcy to formalise datum in the installer ) , CVE-2020 - 16008 ( WebRTC heap polisher spill over ) , and CVE-2020 - 16011 ( Windows UI inexpensive polisher brim over ) . Google expel fixture for former mellow - hardness hemipteran in Chrome less than two calendar week ago , admit CVE-2020 - 15999 , an aggressively pervert FreeType zero - day germ .
all the same , the troupe did not admit info on the core commit for CVE-2020 - 16008 and res publica that the two intentionally ill-use vulnerability were not leave a premium . Google said it award the research worker who line up the new answer germ $ 36,000 in bug bountifulness bonus . Ben Hawkes of Google Project Zero illustrious on Twitter that finale week , both exposure were observe .