Serviceteam IT Security News

In addition to patching the actively exploited bug, the update also brings fixes for another four security loopholes

Google has rolled out an update to its Chrome web browser that fixes five security flaws, including a vulnerability that is known to be actively exploited by attackers.

“Google is aware of reports that an exploit for CVE-2020-15999 exists in the wild,” said Google about the zero-day flaw in FreeType, a widely used software development library that is also a Chrome component. The bug in this font rendering library affects the browser versions for Windows, macOS, and Linux.

The flaw, classified as high-severity, was reported by Sergei Glazunov, a member of Google’s Project Zero, on October 19th, with the update released soon after. Details about the zero-day remain sparse, although Google did disclose that the memory-corruption flaw causes heap buffer overflow in FreeType. Heap overflows are known to cause data corruption or unexpected behavior on a system and may give an attacker “the keys to the kingdom”.

“This is an emergency release, fixing a severe vulnerability in embedded PNG bitmap handling… All users should update immediately,” reads the message on the FreeType website.

Ben Hawkes, the technical lead at Project Zero, tweeted that although the team only noticed an exploit targeting Chrome, those using FreeType should also patch their systems using the software library’s emergency fix, lest they be targeted by cybercriminals rushing to exploit the loophole. He also addressed concerns about whether the zero-day might also affect Chrome for Android.

The update also patched four other vulnerabilities, with three of them considered high- and one medium-severity bugs.

If you have automatic updates enabled, your browser should update to the latest 86.0.4240.111 version by itself. However, if you haven’t enabled this option, you’ll have to do it yourself via the About Google Chrome section, which is located under Help in the side menu.

Source: HERE

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!