The vulnerabilities include a buffer overflow and three use-after-free vulnerabilities. However, CVE-2020-15999 is the worst, and it relies on your browser automatically installing custom fonts.
CVE-2020-15999 is a heap buffer overflow in FreeType and was discovered by Google Project Zero on October 19, 2020.
To avoid mass exploitation by threat actors, Google Project Zero has not released any technical details on the attacks that exploited CVE-2020-15999 in the wild. However, it is believed that the bug is related to the ability of websites to request the installation of Web Open Font Format (WOFF) fonts, and so could likely be exploited simply by visiting a website.
Chrome browser versions earlier than 86.0.4240.111 are vulnerable. If you have an update pending (green arrow in your Chrome menu), now may be a good time to restart your browser. If you don’t, it might be a good idea to check your version at Chrome > Menu > Help > About.
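For anyone checking more than one machine, here is an added example (not part of the original article) that flags Chrome versions earlier than 86.0.4240.111. It compares the version parts as numbers, because a plain string comparison would wrongly rank 86.0.4240.75 above 86.0.4240.111; the inventory format and host names are assumptions made for the example.

```python
import re

# First fixed Chrome release per the article; anything lower is vulnerable.
FIXED = (86, 0, 4240, 111)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version from text such as
    'Google Chrome 86.0.4240.75' and return it as a tuple of ints."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no Chrome version found in {text!r}")
    return tuple(int(part) for part in m.groups())


def is_vulnerable(text):
    """True when the reported version is earlier than the fixed release."""
    return parse_version(text) < FIXED


def audit(inventory):
    """Return hosts needing attention, sorted; unparseable entries are
    reported as unknown rather than silently treated as patched."""
    needs_attention = []
    for host, reported in inventory.items():
        try:
            if is_vulnerable(reported):
                needs_attention.append((host, "vulnerable"))
        except ValueError:
            needs_attention.append((host, "unknown version"))
    return sorted(needs_attention)


# Constructed sample inventory (host names and entries are invented).
SAMPLE = {
    "ws-01": "Google Chrome 86.0.4240.75",
    "ws-02": "Google Chrome 86.0.4240.111",
    "ws-03": "Google Chrome 85.0.4183.121",
    "ws-04": "Google Chrome 87.0.4280.66",
    "ws-05": "chrome: not installed",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE):
        print(f"{host}: {status}")
```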
The original news item was published and is available at de24.news. The editorial team at AlKhaleej Today has confirmed it; it has been modified, and it may have been transferred in full or quoted from that source, where you can read and follow this news.