A new vulnerability in the Chrome browser is being exploited by hackers.
Google has addressed this issue by releasing a new update for chrome which is version 86.0.4240.111 today to patch several security high-severity issues, including a zero-day vulnerability. The vulnerability is dubbed as CVE-2020-15999.
The vulnerability is a memory leak flaw that is present in a popular open source software development library for rendering fonts that comes packaged with Chrome. Security researchers have reported the vulnerability and issue to Google and its authorized personnel.
Researchers have reported that the flaw is in the FreeType’s function “Load_SBit_Png,” which processes PNG images embedded into fonts. It can be exploited by attackers to execute arbitrary code just by using specifically crafted fonts with embedded PNG images.
Google has released a patched version of Chrome so that the users can update and secure themselves from these vulnerabilities. Besides the FreeType zero-day vulnerability, Google also patched four other flaws in the latest Chrome update, three of which are high-risk vulnerabilities.
NPAV recommends users to keep updating their software that are of use. Organizations release patches and security measures that will protect your devices from attacks and cyber criminals. Keeping the devices and software updated will help you in securing your cyber environment.
Install NPAV on your devices to keep them protected from all kinds of cyber attacks. Use NPAV and join us on a mission to secure the cyber world.