Google Chrome stable channel users are receiving an update that rings along multiple security fixes. Update v86.0.4240.111 includes a fix for zero-day vulnerability CVE-2020-15999 discovered by a member in Google's Project Zero team. This new zero-day vulnerability is reported to be a memory bug in the FreeType font rendering library. This was spotted being abused by a threat actor. Chrome users are recommended to install this latest update by going into the Help section.
The tech giant has confirmed via a blog post that it has updated the Chrome stable channel to 86.0.4240.111 for Windows, Mac, and Linux users. This update will roll out for all users in the coming week. Chrome users can update to the latest version via the integrated update function inside the browser itself. Hit the three dots on the top right corner of the browser window and select Help > About Google Chrome. Here it will show you of any pending update, and after installation, it will ask you to relaunch the browser to finish the updating process.
CVE-2020-15999 zero-day vulnerability in FreeType was discovered and reported by security researcher Sergei Glazunov of Google Project Zero. The tech giant says that is aware of reports that an exploit for CVE-2020-15999 exists in the wild against Chrome users. It is described as a memory corruption bug and FreeType text rendering library has also released version 2.10.4 update as an important security release. The website states, “This is an emergency release, fixing a severe vulnerability in embedded PNG bitmap handling.”
Project Zero team lead Ben Hawkes tweeted that other app vendors of Freetype should also adopt the fix a s threat actors may decide to shift their target from Chrome to other apps that use FreeType.
Is Android One holding back Nokia smartphones in India? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts, Google Podcasts, or RSS, download the episode, or just hit the play button below.