Google Chrome Update for Windows, Mac, Linux Fixes Critical Zero-Day Bug

This update includes a fix for a zero-day vulnerability CVE-2020-15999 discovered by a member in Google’s Project Zero team.

By Tasneem Akolawala | Updated: 21 October 2020 14:10 IST

Google Chrome Update for Windows, Mac, Linux Fixes Critical Zero-Day Bug

The new FreeType zero-day vulnerability is described as a memory corruption bug

Highlights

Google has updated Chrome to version 86.0.4240.111
The update includes a total of five security fixes
This includes CVE-2020-15999 discovered by Project Zero

Google Chrome stable channel users are receiving an update that rings along multiple security fixes. Update v86.0.4240.111 includes a fix for zero-day vulnerability CVE-2020-15999 discovered by a member in Google's Project Zero team. This new zero-day vulnerability is reported to be a memory bug in the FreeType font rendering library. This was spotted being abused by a threat actor. Chrome users are recommended to install this latest update by going into the Help section.

The tech giant has confirmed via a blog post that it has updated the Chrome stable channel to 86.0.4240.111 for Windows, Mac, and Linux users. This update will roll out for all users in the coming week. Chrome users can update to the latest version via the integrated update function inside the browser itself. Hit the three dots on the top right corner of the browser window and select Help > About Google Chrome. Here it will show you of any pending update, and after installation, it will ask you to relaunch the browser to finish the updating process.

CVE-2020-15999 zero-day vulnerability in FreeType was discovered and reported by security researcher Sergei Glazunov of Google Project Zero. The tech giant says that is aware of reports that an exploit for CVE-2020-15999 exists in the wild against Chrome users. It is described as a memory corruption bug and FreeType text rendering library has also released version 2.10.4 update as an important security release. The website states, “This is an emergency release, fixing a severe vulnerability in embedded PNG bitmap handling.”

Project Zero team lead Ben Hawkes tweeted that other app vendors of Freetype should also adopt the fix a s threat actors may decide to shift their target from Chrome to other apps that use FreeType.

Is Android One holding back Nokia smartphones in India? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts, Google Podcasts, or RSS, download the episode, or just hit the play button below.

Affiliate links may be automatically generated - see our ethics statement for details.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.