Google’s web browser has an actively exploited “zero-day” vulnerability.
The Mountain View firm has just released a new update for Chrome. It adds no new functionality but contains important security fixes, so updating Chrome immediately is highly recommended.
FreeType is a freely available software library to render fonts.
It is written in C and designed to be small, efficient, highly customizable, and portable while being capable of producing high-quality output (glyph images) of most vector and bitmap font formats.
Security researchers at Google’s Project Zero have discovered that this vulnerability is being used in numerous attacks. By exploiting it, attackers can directly target Chrome users. The flaw was described as a memory corruption problem in the FreeType font library found in standard versions of Chrome.
No Update From Google
Google does not specify the nature of the vulnerability. By doing so, the Mountain View firm is giving its users time to install the corrective Chrome update while not helping attackers who try to exploit the flaw in the meantime.
As for Chrome, Google has just released a new version of the browser. Users are advised to download the newer Chrome version 86.0.4240.111 for Windows, Mac and Linux.
The new patch includes the following highlighted fixes, which were contributed by external researchers:
- CVE-2020-16000: Inappropriate implementation in Blink.
- CVE-2020-16001: Use after free in media.
- CVE-2020-16002: Use after free in PDFium.
- CVE-2020-15999: Heap buffer overflow in Freetype.
- CVE-2020-16003: Use after free in printing.
Google is aware of reports that an exploit for CVE-2020-15999 exists in the wild.
What should you do?
In Chrome, click the three small dots at the top right, then Help > About Google Chrome, and relaunch the browser if it offers you an update.
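For administrators who need to confirm the update across many machines, the following added example (not from Google or the original article) classifies reported Chrome version strings against the fixed build 86.0.4240.111 named above. The hostnames and the inventory are constructed sample data, and the function names are hypothetical.

```python
import re

# Fixed build named in the article for Windows, Mac and Linux.
PATCHED = (86, 0, 4240, 111)

# Chrome versions have four numeric parts: MAJOR.MINOR.BUILD.PATCH
VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(text):
    """Classify one reported version string against the patched build."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # unparseable or missing: needs manual review
    # Tuples compare numerically part by part. A plain string comparison
    # would wrongly rank "86.0.4240.75" above "86.0.4240.111".
    return "patched" if version >= PATCHED else "outdated"


def audit(inventory):
    """Map each host to a status for a {host: reported string} inventory."""
    return {host: classify(reported) for host, reported in inventory.items()}


# Constructed sample inventory (assumption: collected by your own tooling).
SAMPLE = {
    "ws-01": "Google Chrome 86.0.4240.111",
    "ws-02": "Google Chrome 86.0.4240.75",
    "ws-03": "Google Chrome 85.0.4183.121",
    "ws-04": "Google Chrome 100.0.4896.60",
    "ws-05": "not installed",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}: {status}")
```

Hosts reported as "outdated" or "unknown" are the ones to follow up on with the update steps above.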