The security flaw, listed as CVE-2020-15999, is a memory corruption vulnerability that should not surprise those familiar with the Chrome security landscape. According to internal research by Google, 70 percent of all serious security holes affecting Chrome are memory-related. Microsoft researchers came up with a similar number.This time around, the patched exploit used a vulnerability in the FreeType font rendering library that shipped with Chrome. The security flaw was discovered by Google’s internal Project Zero team after Chrome users were attacked by cyberattacks.
A major update
Chrome users can stay protected by updating to the latest version of the browser, but others may still be at risk. Other software solutions that use the FreeType library may still be targeted. Therefore, Google recommends that those at risk download the latest version of FreeType to create patches.
“Project Zero discovered and reported an actively used 0-day freetype that was used to target Chrome,” said Ben Hawkes, director of Project Zero
. “While we’ve only seen one exploit for Chrome, other Freetype users should apply the update.”
Project Zero discovered and reported an actively exploited 0day in freetype that was being used to target Chrome. A stable release that fixes this issue (CVE-2020-15999) is available here: https://t.co/ZRQe72Qfkh— Ben Hawkes (@benhawkes) October 20, 2020
It is important that online users download the patch as soon as possible so that threat actors, including those who were previously unaware of the vulnerability, can choose to strike. Because FreeType is open source, the native patch can be viewed online and can therefore be used by cyberattackers to reverse engineer their own exploits.
These were the details of the news Google is releasing the Chrome security update to fix this dangerous... for this day. We hope that we have succeeded by giving you the full details and information. To follow all our news, you can subscribe to the alerts system or to one of our different systems to provide you with all that is new.
It is also worth noting that the original news has been published and is available at de24.news and the editorial team at AlKhaleej Today has confirmed it and it has been modified, and it may have been completely transferred or quoted from it and you can read and follow this news from its main source.