Google said the bug was exploited to allow attackers to bypass and escape the Chrome security sandbox on Android devices and run code on the underlying OS, reports ZDNet.
The tech giant has released security updates for the Chrome for Android browser to fix the Zero-Day vulnerability.
This marks the third Chrome Zero-Day discovered by the Google Threat Analysis Group (TAG) team in the past two weeks. The first two Zero-Days affected only Chrome for desktop versions.
“Chrome for Android version 86.0.4240.185 was released last night with fixes for the vulnerability dubbed as CVE-2020-16010,” the report said on Wednesday.
While the three zero-days are all different from each other, Google did not clarify if all zero-days are exploited by the same hacking group.
Late last month, a team of Google security researchers revealed a zero-day vulnerability in the Microsoft Windows operating system that is under active exploitation.
According to Google project Zero technical lead Ben Hawkes, the zero-day vulnerability is expected to be patched on November 10.
The zero-day bug in the Windows kernel can be exploited to elevate an attacker’s code with additional permissions.
A Zero-Day (also known as 0-day) vulnerability is a computer-software vulnerability that is unknown to those who should be interested in mitigating the vulnerability (including the vendor of the target software).