He said in a tweet that the two vulnerabilities had been found by the Project Zero team and Google TAG last week.
The bugs affected both the desktop and Android versions of Chrome, a browser which has about 65% of the market.
Today Chrome fixed two more vulnerabilities that were being actively exploited in the wild (discovered by Project Zero/Google TAG last week). CVE-2020-16009 is a v8 bug used for remote code execution, CVE-2020-16010 is a Chrome sandbox escape for Android. https://t.co/IOhFwT0Wx1— Ben Hawkes (@benhawkes) November 2, 2020
"CVE-2020-16009 is a v8 bug used for remote code execution, CVE-2020-16010 is a Chrome sandbox escape for Android," Hawkes wrote.
On 23 October, Google announced details about a bug in Windows that was being exploited in the wild and went public after giving Microsoft a week to fix the flaw.
Noting that exhaustive details of the Windows bug had been revealed, but only few details of the two Chrome bugs had been revealed, an individual named Jim DeVries tweeted: "Has Google released the same level of detail as the Microsoft vuln announced last Friday?"
Has Google released the same level of detail as the Microsoft vuln announced last Friday?— Jim DeVries (@JimDinMN) November 2, 2020
In its advisory for the flaw in the desktop version of Chrome, Google said: "Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed."