Chrome Releases a Patch to Fix a Vulnerability in Freetype That Allows Attackers to Control Affected Computers


Google has released a patch for its Chrome browser to correct several security problems, including a vulnerability that allows hackers to control affected computers. 


The company has released Chrome version 86.0.4240.111 (for Windows, Mac and Linux), after Google Project Zero security researcher Sergei Glazunov discovered the vulnerability on October 19. 



This zero-day vulnerability, unknown until now and tracked as CVE-2020-15999, is due to a flaw in Freetype, the open-source software development library for rendering fonts, which is included in Chrome and used by several other projects.


Glazunov also reported this zero-day vulnerability to Freetype developers, who released an emergency patch on October 20 to address the issue.


"This is an emergency version, which fixes a serious vulnerability in the handling of embedded PNG bitmaps," Freetype noted on its website. "All users must update immediately," it added.



For his part, the technical leader of Google Project Zero, Ben Hawkes, also urged users through his Twitter account to install the patch; although the team has only "seen an exploit" in Chrome that was attacking users, it is not ruled out that there were others.



In addition to the zero-day vulnerability, the latest Chrome update fixes four other bugs, three of which are high-risk. The four include an inappropriate implementation bug in Blink and 'use after free' bugs in the media component, PDFium and the browser's print function, which would allow code execution, as noted by Google on its blog.
