New Chrome Zero-Day Under Active Attack
Google Chrome Zero-Day Vulnerability
Google has released Chrome 86.0.4240.111 today to patch several high-severity issues, including a zero-day vulnerability that is being exploited in the wild. The update covers Windows, Linux and macOS.
The vulnerability (CVE-2020-15999) is a heap buffer overflow, a memory-corruption flaw, in FreeType, the open-source font-rendering library bundled with Chrome.
According to researchers, the bug is in FreeType's function "Load_SBit_Png", which processes PNG images embedded in fonts. An attacker can trigger it with a crafted font carrying embedded PNG images and potentially execute arbitrary code in the renderer.
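The program below is an added illustration of the bug class described above; it is not FreeType's source and not code from the original post. It assumes, in line with the upstream FreeType fix for this CVE, that the 32-bit width and height from the PNG header were stored into 16-bit glyph metrics and the bitmap buffer was then sized from the truncated values while the decoder wrote the full-size image. The type and function names (sbit_metrics_t, vulnerable_alloc_size, hardened_load) are hypothetical. The vulnerable sizing is shown beside a hardened loader that rejects oversized dimensions before allocating anything; the decoder is simulated so that the program counts the bytes that would land past the buffer instead of corrupting the heap.

```c
/* Added example: model of a 16-bit dimension truncation leading to a heap
 * buffer overflow in an embedded-PNG glyph loader. Not FreeType's code. */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical glyph metrics with 16-bit dimensions (stand-in for the
 * 16-bit width/height fields such a loader fills in). */
typedef struct {
    uint16_t width;
    uint16_t height;
} sbit_metrics_t;

/* Bytes a 32-bit-per-pixel decoder writes for the image as declared in the
 * PNG IHDR chunk, i.e. the real size of the decoded data. */
uint64_t decoded_bytes(uint32_t png_width, uint32_t png_height)
{
    return (uint64_t)png_width * (uint64_t)png_height * 4u;
}

/* Vulnerable pattern: the IHDR dimensions are cast into 16-bit metrics and
 * the bitmap buffer is sized from the truncated values. For any dimension
 * above 0xFFFF the allocation is far smaller than the decoded image. */
uint64_t vulnerable_alloc_size(uint32_t png_width, uint32_t png_height)
{
    sbit_metrics_t m;
    m.width  = (uint16_t)png_width;   /* 65537 silently becomes 1 */
    m.height = (uint16_t)png_height;
    return (uint64_t)m.width * (uint64_t)m.height * 4u;
}

/* Simulated decode into the undersized buffer. Instead of corrupting the
 * heap it counts every byte that would be written past the buffer's end. */
uint64_t overflow_bytes(uint32_t png_width, uint32_t png_height)
{
    uint64_t cap = vulnerable_alloc_size(png_width, png_height);
    uint64_t total = decoded_bytes(png_width, png_height);
    uint64_t out_of_bounds = 0;
    unsigned char *buf = calloc(cap ? (size_t)cap : 1u, 1u);
    if (!buf)
        return total;           /* nothing could be written safely */
    for (uint64_t i = 0; i < total; i++) {
        if (i < cap)
            buf[i] = 0xFF;      /* in bounds: the decoder's pixel write */
        else
            out_of_bounds++;    /* would be a heap write past the buffer */
    }
    free(buf);
    return out_of_bounds;
}

/* Hardened loader: refuse the glyph before allocating anything if the PNG
 * dimensions do not fit the 16-bit metrics, so the buffer size and the
 * decoder's row length can never disagree. */
int hardened_load(uint32_t png_width, uint32_t png_height, sbit_metrics_t *m)
{
    if (png_width == 0 || png_height == 0 ||
        png_width > UINT16_MAX || png_height > UINT16_MAX)
        return -1;              /* malformed or oversized embedded PNG */
    m->width  = (uint16_t)png_width;
    m->height = (uint16_t)png_height;
    return 0;
}

/* 1 if the hardened loader accepts these dimensions, 0 if it rejects them. */
int hardened_accepts(uint32_t png_width, uint32_t png_height)
{
    sbit_metrics_t m;
    return hardened_load(png_width, png_height, &m) == 0;
}

int main(void)
{
    /* Constructed IHDR dimensions of a malicious embedded PNG: 65537 x 1. */
    uint32_t w = 65537u, h = 1u;
    printf("vulnerable: allocates %" PRIu64 " bytes, decoder writes %" PRIu64
           " bytes, %" PRIu64 " bytes land outside the buffer\n",
           vulnerable_alloc_size(w, h), decoded_bytes(w, h), overflow_bytes(w, h));
    printf("hardened:   65537x1 %s\n", hardened_accepts(w, h) ? "accepted" : "rejected");
    printf("hardened:   64x64   %s\n", hardened_accepts(64u, 64u) ? "accepted" : "rejected");
    return 0;
}
```

The point to take away is that the check must compare the decoder's view of the image (the IHDR values) against the values actually used to size the buffer, and must happen before any allocation or decode; truncating first and checking the truncated fields afterwards would pass the malicious 65537x1 image as a harmless 1x1 glyph.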
Patching the Chrome Vulnerabilities
Google released Chrome 86.0.4240.111 as Chrome’s “stable” version, which is available to all users. The company stated that “an exploit for CVE-2020-15999 exists in the wild,” but did not reveal the latest attack details.
Besides the FreeType zero-day, Google also patched four other high-severity flaws in the same update.
The following issues have been resolved:
- CVE-2020-16000: Inappropriate implementation in Blink
- CVE-2020-16001: Use after free in media
- CVE-2020-16002: Use after free in PDFium
- CVE-2020-15999: Heap buffer overflow in FreeType
- CVE-2020-16003: Use after free in printing
Keep Your Organization Protected
Customers of Syxsense Manage and Syxsense Secure can find these updates within the console.
Syxsense allows you to find and remediate exposures such as open ports, disabled firewalls, ineffective user account policies, and security compliance violations on the devices of remote workers.
Detecting software vulnerabilities isn’t enough—traditional security scanners only do half the job by identifying and tracking possible vulnerabilities and exposure without eliminating the risk.
With security scanning and patch management in a single console, our vulnerability scanning feature not only shows you what’s wrong, but also deploys the solution. Gain visibility into OS and third-party vulnerabilities while increasing cyber resilience through automated patching and security scans.
Experience the Power of Syxsense
Start a trial of Syxsense, which helps organizations from 100 to 100,000 endpoints secure and manage their environment, all from just a web browser.