The flaw lies in the FreeType font library that underlies Chrome and all Chromium-based browsers, including Brave, the new Microsoft Edge, Opera, Vivaldi, and dozens of others.
A flaw in the way the FreeType library handles image sizes allows a memory buffer overflow, which lets hackers and malicious websites execute unauthorized code and potentially take over the browser.
“The stable channel has been updated to 86.0.4240.111 for Windows, Mac and Linux and will be available in the coming days / weeks,” wrote Prudhvikumar Bommana, manager of Google’s technical program, on Tuesday (October 20) in the official Chrome Blog.
Since the flaw lies in Chromium, the open source foundation of Chrome, other Chromium-based browsers also need to be updated. We haven’t seen any updates for Brave or Edge at the time of writing on October 21.
How to update Chrome
To manually update Chrome on Windows and macOS, in most cases you can simply restart your browser. The update will be installed automatically when one is available. (It was available for Chrome on our primary Windows PC.)
Otherwise, click the three stacked dots in the upper right corner of the browser window, find Help in the pop-up menu, and then click About Google Chrome. A new tab will open and the update will start, if one is available. After that you have to restart the browser.
The update procedure is the same in Brave. In Edge, it's the three dots -> Settings -> About Microsoft Edge. Other Chromium derivatives may vary in their update procedures.
On Linux, Chrome updates depend on your distribution. (Ubuntu will include Chrome updates in its regular daily updates as long as you have properly configured the update manager.) On mobile devices, the apps should prompt you to update when an update is available.
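To check several machines against the fixed desktop build quoted above (86.0.4240.111), the following added example, which is not from the original article, classifies version strings in the form printed by `google-chrome --version`. The host names and sample outputs are constructed, and it assumes stable-channel builds of Google Chrome only.

```python
import re

# Fixed desktop build named in the article (Windows, Mac and Linux).
FIXED_DESKTOP = (86, 0, 4240, 111)

# Matches the four-part version in strings such as "Google Chrome 86.0.4240.75".
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def chrome_status(version_output):
    """Return "patched", "vulnerable" or "unknown" for one version string.

    Assumption: stable-channel desktop builds. Only Google Chrome is compared;
    other Chromium-based browsers use their own version numbers.
    """
    if not version_output.startswith("Google Chrome"):
        return "unknown"
    version = parse_version(version_output)
    if version is None:
        return "unknown"
    # Tuples compare numerically field by field, so 75 < 111 here, whereas
    # comparing the raw strings would rank ".75" above ".111".
    return "patched" if version >= FIXED_DESKTOP else "vulnerable"


def audit(inventory):
    """Map each host to its status, given {host: version_output}."""
    return {host: chrome_status(out) for host, out in inventory.items()}


# Constructed sample inventory (hypothetical host names and outputs).
SAMPLE = {
    "ws-01": "Google Chrome 86.0.4240.111",
    "ws-02": "Google Chrome 86.0.4240.75",
    "ws-03": "Google Chrome 85.0.4183.121",
    "ws-04": "Microsoft Edge 86.0.622.48",
    "ws-05": "Google Chrome (version unavailable)",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}: {status}")
```

Hosts reported as "unknown" need a manual check through the browser's About page, as described above.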
High severity
The FreeType bug, listed as CVE-2020-15999 and rated “Severe,” was discovered by Google’s Sergei Glazunov. Neither Bommana nor Glazunov gave details on who was exploiting this bug, although Google is expected to release technical details on October 26th.
Since Glazunov posted code for a patch on a FreeType developer forum, other attackers can likely find out what is wrong and create their own exploits.
In Chrome 86.0.4240.111, four more desktop vulnerabilities have been fixed, with severities ranging from “High” to “Medium”.
Bommana didn’t mention Chrome on mobile, but our Android version of Chrome got an update this morning to version 86.0.4240.110, which is likely related. Our Chromebook has been updated to version 85.0.4183.131, which may sound different.
This article, “Critical Chrome Vulnerability Detected – How to Update Now,” was originally published at de24.news. The editorial team at AlKhaleej Today has confirmed and modified it, and it may have been transferred or quoted in full from that source.