• Home
  • Apps
  • Apps News
  • Google Chrome Update for Windows, Mac, Linux Fixes Critical Zero Day Bug

Google Chrome Update for Windows, Mac, Linux Fixes Critical Zero-Day Bug

This update includes a fix for a zero-day vulnerability CVE-2020-15999 discovered by a member in Google’s Project Zero team.

Share on Facebook Tweet Snapchat Share Reddit Comment
Google Chrome Update for Windows, Mac, Linux Fixes Critical Zero-Day Bug

The new FreeType zero-day vulnerability is described as a memory corruption bug

Highlights
  • Google has updated Chrome to version 86.0.4240.111
  • The update includes a total of five security fixes
  • This includes CVE-2020-15999 discovered by Project Zero

Google Chrome stable channel users are receiving an update that rings along multiple security fixes. Update v86.0.4240.111 includes a fix for zero-day vulnerability CVE-2020-15999 discovered by a member in Google's Project Zero team. This new zero-day vulnerability is reported to be a memory bug in the FreeType font rendering library. This was spotted being abused by a threat actor. Chrome users are recommended to install this latest update by going into the Help section.

The tech giant has confirmed via a blog post that it has updated the Chrome stable channel to 86.0.4240.111 for Windows, Mac, and Linux users. This update will roll out for all users in the coming week. Chrome users can update to the latest version via the integrated update function inside the browser itself. Hit the three dots on the top right corner of the browser window and select Help > About Google Chrome. Here it will show you of any pending update, and after installation, it will ask you to relaunch the browser to finish the updating process.

CVE-2020-15999 zero-day vulnerability in FreeType was discovered and reported by security researcher Sergei Glazunov of Google Project Zero. The tech giant says that is aware of reports that an exploit for CVE-2020-15999 exists in the wild against Chrome users. It is described as a memory corruption bug and FreeType text rendering library has also released version 2.10.4 update as an important security release. The website states, “This is an emergency release, fixing a severe vulnerability in embedded PNG bitmap handling.”

Project Zero team lead Ben Hawkes tweeted that other app vendors of Freetype should also adopt the fix a s threat actors may decide to shift their target from Chrome to other apps that use FreeType.


Is Android One holding back Nokia smartphones in India? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts, Google Podcasts, or RSS, download the episode, or just hit the play button below.

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Tasneem Akolawala Tasneem Akolawala is a Senior Reporter for Gadgets 360. Her reporting expertise encompasses smartphones, wearables, apps, social media, and the overall tech industry. She reports out of Mumbai, and also writes about the ups and downs in the Indian telecom sector. Tasneem can be reached on Twitter at @MuteRiot, and leads, tips, and releases can be sent to tasneema@ndtv.com. More
US Congresswomen Alexandria Ocasio-Cortez, Ilhan Omar Streamed Among Us in Twitch Debut

Related Stories

 
 

Advertisement

Advertisement

© Copyright Red Pixels Ventures Limited 2020. All rights reserved.
Listen to the latest songs, only on JioSaavn.com