Prior to version 86.0.4240.185, a heap buffer overflow in the UI of Google Chrome on Android allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML file.
Unpatched until next week.
Tuesday, November 3, 2020, 8:38 GMT
As the Google Chrome team stated:
We’ve just released Chrome 86 (86.0.4240.185) for Android: it’ll become available on Google Play over the next few weeks.
Security fixes in this release are listed in the corresponding Desktop Release. In addition, this Android release contains:
[$NA] High CVE-2020-16010: Heap buffer overflow in UI on Android.
Reported by Maddie Stone, Mark Brand, and Sergei Glazunov of Google Project Zero on 2020-10-31
Google is aware of reports that an exploit for CVE-2020-16010 exists in the wild.
This release also includes stability and performance improvements. You can see a full list of the changes in the Git log. If you find a new issue, please let us know by filing a bug.