Security News > 2020 > October > Google Patches Actively-Exploited Zero-Day Bug in Chrome Browser
Google released an update to its Chrome browser that patches a zero-day vulnerability in the software's FreeType font rendering library that was actively being exploited in the wild.
Security researcher Sergei Glazunov of Google Project Zero discovered the bug which is classified as a type of memory-corruption flaw called a heap buffer overflow in FreeType.
Still, Ben Hawkes, technical lead for the Project Zero team, warned that while Google researchers only observed the Chrome exploit, it's possible that other implementations of FreeType might be vulnerable as well since Google was so quick in its response to the bug.
In addition to the FreeType zero day, Google patched four other bugs-three of high risk and one of medium risk-in the Chrome update released this week.
So far in the last 12 months Google has patched three zero-day vulnerabilities in its Chrome browser.
News URL
https://threatpost.com/google-patches-zero-day-browser/160393/
Related news
- Google Chrome to block admin-level browser launches for better security (source)
- Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability (source)
- After Chrome patches zero-day used to target Russians, Firefox splats similar bug (source)
- Google fixes Android zero-days exploited in attacks, 60 other flaws (source)
- Chrome 136 fixes 20-year browser history privacy risk (source)
- Google Drops Cookie Prompt in Chrome, Adds IP Protection to Incognito (source)
- Google: 97 zero-days exploited in 2024, over 50% in spyware attacks (source)
- Google Reports 75 Zero-Days Exploited in 2024 — 44% Targeted Enterprise Security Products (source)
- Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android (source)
- Google Chrome to use on-device AI to detect tech support scams (source)