New Google Chrome Patch fixes actively exploited Zero-Day
Yesterday, Google released Google Chrome version 86.0.4240.111 to address vulnerabilities in the browser.
One vulnerability, CVE-2020-15999 has been confirmed to be a zero-day being actively exploited in the wild. This exploits a memory corruption bug in the FreeType font rendering library that’s included with standard Chrome distributions. Technical details about the exploit have not been released yet, but there is concern that attackers will focus on FreeType’s source code as it is an open source project, and begin to reverse engineer the zero-day.
Users can confirm their version of Google Chrome by going to Home -> Settings -> About Google Chrome.
Users should apply the patch for version 86.0.4240.111 as soon as possible to mitigate the risk involved with CVE-2020-15999