Chrome zero-day means now would be a good time to restart your browser

Home » Chrome

Reading time icon 1 min. read

Calendar icon Published on

by Surur Davids 

published on

Share this article

Readers help support MSpoweruser. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more

google chrome

Google has patched 5 security vulnerabilities in its Chrome browser, one of which is being exploited in the wild.

The vulnerabilities include one buffer overflow and three use-after-free vulnerabilities, but CVE-2020-15999 is the worst, and depends on your browser automatically installing custom fonts.

CVE-2020-15999 is a Heap buffer overflow in Freetype and was discovered by the Google Project Zero on 2020-10-19.

Google Project Zero did not disclose technical details about the attacks exploiting the CVE-2020-15999 in the wild to avoid mass exploitation from threat actors, but it is believed to be related to the ability of websites to request the installation of Web Open Font Format fonts, and could therefore likely be exploited simply by visiting a website.

Chrome browser versions earlier than 86.0.4240.111 are vulnerable. If you have a pending update (green arrow in your Chrome Menu) it may be a good time to restart your browser now, and if you do not, it may be a good idea to check your version under Chrome> Menu> Help > About.

via Sophos

Surur Davids

Surur Davids Shield

Smartphone Expert

Surur Davids is the founder of WMPoweruser which later became MSPoweruser.com. He's a smartphone expert with over a decade of experience.

User forum

0 messages