21 October 2020

Google patches Chrome zero day bug


Google patches Chrome zero day bug

Google has released Chrome version 86.0.4240.111 for Windows, Mac and Linux to address several vulnerabilities in its browser, including an actively exploited zero-day flaw.

Tracked as CVE-2020-15999, the vulnerability is described as a heap buffer overflow bug in FreeType rendering engine. The vulnerability “exists in the function `Load_SBit_Png`, which processes PNG images embedded into fonts,” and can be exploited with specifically crafted fonts with embedded PNG images.

“Google is aware of reports that an exploit for CVE-2020-15999 exists in the wild,” Google said.

A patch for CVE-2020-15999 has been included in FreeType 2.10.4.

Windows, Mac, and Linux desktop users can upgrade to Chrome 86 via built-in update mechanism by going to Settings -> Help -> About Google Chrome.

In addition to CVE-2020-15999, the new Chrome version also includes patches for high severity flaws in Chrome's Blink rendering engine (CVE-2020-16000), and three use-after-free memory corruption bugs in PDFium (CVE-2020-16002), and the browser's media and printing functions (CVE-2020-16001, CVE-2020-16003).



Back to the list

Latest Posts

Fujitsu discloses malware infection, warns of possible data leak

Fujitsu discloses malware infection, warns of possible data leak

The tech giant did not specify what kind of malware its systems have been infected with.
19 March 2024
ShadowSyndicate ransomware group targeting Aiohttp flaw

ShadowSyndicate ransomware group targeting Aiohttp flaw

Organizations are urged to update to Aiohttp v3.9.
18 March 2024
The International Monetary Fund discloses cyberattack affecting 11 email accounts

The International Monetary Fund discloses cyberattack affecting 11 email accounts

The organization did not share any additional details regarding the nature of the attack.
18 March 2024