Excerpt:

“Google’s Project Zero team known to discover security threats has disclosed a zero-day vulnerability in Windows that affects versions from Windows 7 all the way to Windows 10 version 1903. The company’s post says that it has evidence of active exploits, which could allow attackers to execute code with elevated permissions.

What’s interesting is that the vulnerability that is tracked with the label CVE-2020-17087, coupled with another actively exploited Chrome zero-day vulnerability disclosed last week (CVE-2020-15999), performs what is known as a sandbox escape. This is where the malicious actor leverages these two bugs to execute code on a compromised target by escaping the secure environment of the browser, explains ZDNet’s Catalin Cimpanu.”

source: https://arstechnica.com/information-technology/2020/10/googles-project-zero-discloses-windows-0day-thats-been-under-active-exploit/