21 October 2020

Google patches Chrome zero day bug



Google has released Chrome version 86.0.4240.111 for Windows, Mac and Linux to address several vulnerabilities in its browser, including an actively exploited zero-day flaw.

Tracked as CVE-2020-15999, the vulnerability is described as a heap buffer overflow bug in the FreeType rendering engine. The vulnerability “exists in the function `Load_SBit_Png`, which processes PNG images embedded into fonts,” and can be exploited with specially crafted fonts containing embedded PNG images.

“Google is aware of reports that an exploit for CVE-2020-15999 exists in the wild,” Google said.

A patch for CVE-2020-15999 has been included in FreeType 2.10.4.

Windows, Mac, and Linux desktop users can upgrade to Chrome 86 via the built-in update mechanism by going to Settings -> Help -> About Google Chrome.

In addition to CVE-2020-15999, the new Chrome version also includes patches for high-severity flaws in Chrome's Blink rendering engine (CVE-2020-16000) and three use-after-free memory corruption bugs, in PDFium (CVE-2020-16002) and in the browser's media and printing functions (CVE-2020-16001, CVE-2020-16003).
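Confirming that machines are on the fixed builds named above (Chrome 86.0.4240.111, FreeType 2.10.4) requires a numeric comparison, because a plain string comparison ranks 86.0.4240.75 above 86.0.4240.111. The following is an added example, not part of the original article or any Google tooling; the inventory format, hostnames and function names are assumptions made for illustration.

```python
import re

# Fixed versions as stated in the article.
FIXED = {
    "chrome": (86, 0, 4240, 111),
    "freetype": (2, 10, 4),
}

VERSION_RE = re.compile(r"\d+(?:\.\d+)+")


def parse_version(text):
    """Return the first dotted version in text as a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.group().split(".")) if m else None


def is_patched(product, version_text):
    """True if at or above the fix, False if older, None if unparseable."""
    found = parse_version(version_text)
    if found is None:
        return None
    fixed = FIXED[product]
    # Pad with zeros so "2.9" is compared as 2.9.0 against 2.10.4.
    width = max(len(found), len(fixed))
    found += (0,) * (width - len(found))
    fixed += (0,) * (width - len(fixed))
    return found >= fixed


def audit(inventory):
    """Return (host, product, status) for entries that are not confirmed patched."""
    findings = []
    for host, product, version_text in inventory:
        status = is_patched(product, version_text)
        if status is not True:
            label = "unknown" if status is None else "vulnerable"
            findings.append((host, product, label))
    return findings


# Constructed sample inventory: hostnames and version strings are made up.
SAMPLE = [
    ("ws-01", "chrome", "Google Chrome 86.0.4240.75"),
    ("ws-02", "chrome", "Google Chrome 86.0.4240.111"),
    ("ws-03", "chrome", "Google Chrome 87.0.4280.66"),
    ("srv-01", "freetype", "2.10.2"),
    ("srv-02", "freetype", "2.10.4"),
    ("srv-03", "freetype", "2.9"),
    ("ws-04", "chrome", "not installed"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row)
```

Entries whose version cannot be parsed are reported as unknown rather than silently treated as patched.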


