Google has released Chrome version 86.0.4240.111 that includes security fixes for several issues, including a patch for an actively exploited zero-day vulnerability tracked as CVE-2020-15999.
White hat hackers from the Google Project Zero team spotted attacks exploiting the vulnerability in the wild.
The researchers did not disclose technical details about the attacks exploiting the CVE-2020-15999 in the wild to avoid mass exploitation from threat actors.
Google Project Zero is recommending other app development teams who use the same FreeType library to update their software as well.
The FreeType version 2.10.4 address this issue.
Chrome users can update their install to v86.0.4240.111 via the browser’s built-in update function.
Experts pointed out that since the patch for this zero-day is visible in the source code of the FreeType open-source library, threat actors will be able to make a reverse-engineering of the code and develop working exploits for the issue.
(SecurityAffairs – hacking, Chrome)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.