Google has released a Chrome and Chrome OS update that includes a fix for a zero-day security threat. Google’s security teams detected the memory corruption bug in Chrome and acted swiftly to release the new update. The zero-day bug is tracked as CVE-2020-15999 and was present in the FreeType font rendering library that comes bundled with the standard Chrome software. Project Zero, an internal security team at Google, found the bug and released the security patch, version 86.0.4240.111, on 20 October.
The update also brings fixes to some minor issues.
Ben Hawkes, leader of Project Zero, shared the details and the link to the stable fix release on his Twitter account. He said that the “actively exploited” zero-day in FreeType was being used to target Chrome.
While we only saw an exploit for Chrome, other users of freetype should adopt the fix discussed here: https://t.co/cCfpXvi18X -- the fix is also in today's stable release of FreeType 2.10.4.
— Ben Hawkes (@benhawkes) October 20, 2020
The security expert added that although the team spotted the bug in Chrome only, other users of the same FreeType library must check whether they have come under attack. He shared a link to the bug fix, mentioning that the fix has also been added to the latest stable release, FreeType 2.10.4.
The update is likely to install on devices automatically. If it does not, users can update to version 86.0.4240.111 through the browser's built-in update option, accessible from the "About Google Chrome" section under the "Help" option in the Chrome menu.
Although the response to the bug was fast, the number of zero-day exploits has increased in recent times. According to ZDNet, CVE-2020-15999 was the third Chrome zero-day exploited in the wild in the last year. The other two were CVE-2019-13720, spotted in October 2019, and CVE-2020-6418, spotted in February this year.
source https://www.firstpost.com/tech/news-analysis/google-rolls-out-chrome-and-chrome-os-update-to-fix-zero-day-security-threat-8944951.html