Chrome zero-day means now would be a good time to restart your browser

by Surur
October 24, 2020

Google has patched 5 security vulnerabilities in its Chrome browser, one of which is being exploited in the wild.

The vulnerabilities include one buffer overflow and three use-after-free vulnerabilities, but CVE-2020-15999 is the worst, and depends on your browser automatically installing custom fonts.

CVE-2020-15999 is a heap buffer overflow in FreeType and was discovered by Google Project Zero on 2020-10-19.

Google Project Zero did not disclose technical details of the in-the-wild attacks exploiting CVE-2020-15999, to avoid mass exploitation by threat actors. The flaw is believed to be related to the ability of websites to request the installation of Web Open Font Format fonts, and could therefore likely be exploited simply by visiting a website.

Chrome browser versions earlier than 86.0.4240.111 are vulnerable. If you have a pending update (green arrow in your Chrome menu), now may be a good time to restart your browser; if you do not, it may be a good idea to check your version under Chrome > Menu > Help > About.

via Sophos
