Google Chrome Security Warning — Why you Need to Update Now

Time to update Google Chrome and related browsers again: Google has released a fix for the second exploited zero-day security flaw in Chrome in the past two weeks. The fix applies to Windows, macOS, and Linux.

"CVE-2020-16009 is a v8 bug used for remote code execution," Ben Hawkes, technical lead for Google Project Zero, wrote on Twitter yesterday (November 2). He was referring, respectively, to the flaw's catalog number, to the component in Chrome that handles JavaScript, and to the fact that the flaw can be exploited via the Internet.

"Google is aware of reports of an exploit against CVE-2020-16009 in the wild," Prudhvikumar Bommana, technical program manager for Chrome, wrote in an official blog post listing the security fixes in Chrome version 86.0.4240.183.

This is all that Bommana or Hawkes said about the vulnerability. It is detailed in the Chromium bug entry, but that entry is not available to anyone but Chrome developers.

Chromium is the open-source code that underlies Brave, Chrome, Edge, Opera, Vivaldi, and many other browsers, though not Firefox or Safari.

Google fixed an earlier, technically unrelated zero-day flaw two weeks ago (October 20), and related browsers soon followed suit. ("Zero-day" means that the developers did not have time to fix the flaw before the bad guys started using it in their attacks.)

However, this past Friday (October 30), Google revealed a zero-day flaw in Windows. This flaw was used in combination with the first Chrome flaw to hijack PCs via malicious websites. It is unclear if yesterday's new flaw is related to these attacks.

Most Chrome and Chromium variants update automatically when the browser is closed and launched again, but not all Chromium variants have released new versions to patch this flaw.

As of this writing, Brave has not released an update, but Edge has released a new update.

To manually initiate a Chrome or Chromium-based update, locate the three lines or dots in the upper right corner of the browser window and click them. Scroll down to About, or to Help --> About, and select About.

A new tab will open, displaying the version number of the browser you are running. If a newer version is available, the browser will automatically download it and prompt you to restart.

For Chrome or Brave, you will want to update to version 86.0.4240.183, but that version is not yet available for the latter; the latest version for Edge is 86.0.622.61.
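The same check can be run across many machines. The sketch below is an added example, not part of the original article: it compares reported browser versions against the versions named above. The function names, host names and sample inventory are constructed for illustration.

```python
import re

# Target versions as named in the article (Brave is listed with Chrome's number).
FIXED = {
    "chrome": "86.0.4240.183",
    "brave": "86.0.4240.183",
    "edge": "86.0.622.61",
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part version from text such as `google-chrome --version` output."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no four-part version in {text!r}")
    return tuple(int(part) for part in m.groups())


def is_patched(browser, version_text):
    """Compare numerically: as plain strings, '86.0.4240.75' sorts after '86.0.4240.183'."""
    return parse_version(version_text) >= parse_version(FIXED[browser.lower()])


def audit(inventory):
    """Return the (host, browser, version) rows still below the target version."""
    return [row for row in inventory if not is_patched(row[1], row[2])]


# Constructed sample inventory: host names and installed versions are made up.
SAMPLE = [
    ("ws-01", "chrome", "Google Chrome 86.0.4240.183"),
    ("ws-02", "chrome", "Google Chrome 86.0.4240.75"),
    ("ws-03", "edge", "86.0.622.61"),
    ("ws-04", "brave", "86.0.4240.111"),
    ("ws-05", "edge", "86.0.622.58"),
]

if __name__ == "__main__":
    for host, browser, version in audit(SAMPLE):
        print(f"{host}: {browser} {version} is below {FIXED[browser]}")
```

Comparing the parts as integers matters here: a plain string comparison would rank 86.0.4240.75 above 86.0.4240.183 and report an unpatched browser as current.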

In his own tweet, Hawkes revealed that Chrome for Android has also been updated to version 86.0.4240.18, with another flaw patched.

The update will be rolling out to various devices over the next few weeks, but our phones got the update last night. Android notifies you that updates are available when they are not installed automatically.
