In addition to patching the actively exploited bug, the update also brings fixes for another four security loopholes
Google has rolled out an update to its Chrome web browser that fixes five security flaws, including a vulnerability that is known to be actively exploited by attackers.
“Google is aware of reports that an exploit for CVE-2020-15999 exists in the wild,” said Google about the zero-day flaw in FreeType, a widely used software development library that is also a Chrome component. The bug in this font rendering library affects the browser versions for Windows, macOS, and Linux.
The flaw, classified as high-severity, was reported by Sergei Glazunov, a member of Google’s Project Zero, on October 19th, with the update released soon after. Details about the zero-day remain sparse, although Google did disclose that the memory-corruption flaw causes heap buffer overflow in FreeType.
Heap overflows are known to cause data corruption or unexpected behavior, which can be used to exploit a program in which the memory overflow occurs.
“This is an emergency release, fixing a severe vulnerability in embedded PNG bitmap handling… All users should update immediately,” reads the message on the FreeType website.
Ben Hawkes, the technical lead at Project Zero, tweeted that although the team only noticed an exploit targeting Chrome, those using FreeType should also ..
Support the originator by clicking the read the rest link below.
