Google has released a Chrome and Chrome OS update that includes a fix for a zero-day vulnerability. Google’s security teams detected the memory corruption bug in Chrome and acted swiftly to release the new update. The zero-day is tracked as CVE-2020-15999, and it was present in the FreeType font rendering library that comes bundled with the standard Chrome software. Project Zero, an internal Google security team, found the bug and released the security patch, version 86.0.4240.111, on 20 October.
The update also brings fixes for some minor issues.
Ben Hawkes, Project Zero leader, shared the details and the link to the stable fix release on his Twitter account. He said that the “actively exploited” zero-day in FreeType was being used to target Chrome.
The security expert added that although the team spotted the bug only in Chrome, other users of the same FreeType library must check whether they have come under attack. He shared a link to the code for the bug fix, noting that the fix is also included in the latest stable release, FreeType 2.10.4.
The update is likely to install on devices automatically; if it does not, users can update to v. 86.0.4240.111 through the browser’s built-in update option, accessible from the “About Google Chrome” section under the “Help” option in the Chrome menu.
Although the response to the bug was fast, the number of zero-day exploits has increased in recent times. According to ZDNet, CVE-2020-15999 was the third Chrome zero-day exploited in the wild in the past year. The other two were CVE-2019-13720, spotted in October 2019, and CVE-2020-6418, spotted in February this year.