You allow chrome (and Chrome-based browsers like Edge) to update automatically, don’t you?…:
Google has patched two zero-day vulnerabilities in its Chrome browser, the third time in two weeks that the company has fixed a Chrome security flaw that’s under active exploit.
Hawkes didn’t provide additional details, such as what desktop versions of Chrome were actively targeted, who the victims were, or how long the attacks had been going on. It also wasn’t clear if the same attack group was responsible for all three exploits. CVE-2020-16009 was in part discovered by a member of Google’s Threat Analysis Group, which focuses on government-backed hacking, suggesting that exploits of that vulnerability may be the work of a nation-state. Project Zero was involved in the discovery of all three of the zero-days.