Security News > 2020 > October > Google Patches Actively-Exploited Zero-Day Bug in Chrome Browser
Google released an update to its Chrome browser that patches a zero-day vulnerability in the software's FreeType font rendering library that was actively being exploited in the wild.
Security researcher Sergei Glazunov of Google Project Zero discovered the bug which is classified as a type of memory-corruption flaw called a heap buffer overflow in FreeType.
Still, Ben Hawkes, technical lead for the Project Zero team, warned that while Google researchers only observed the Chrome exploit, it's possible that other implementations of FreeType might be vulnerable as well since Google was so quick in its response to the bug.
In addition to the FreeType zero day, Google patched four other bugs-three of high risk and one of medium risk-in the Chrome update released this week.
So far in the last 12 months Google has patched three zero-day vulnerabilities in its Chrome browser.
News URL
https://threatpost.com/google-patches-zero-day-browser/160393/
Related news
- Google to kill Chrome Sync on older Chrome browser versions (source)
- New details reveal how hackers hijacked 35 Google Chrome extensions (source)
- Google Chrome is making it easier to share specific parts of long PDFs (source)
- Google fixes Android kernel zero-day exploited in attacks (source)
- Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking (source)
- Google Chrome's AI-powered security feature rolls out to everyone (source)
- Google Chrome disables uBlock Origin for some in Manifest v3 rollout (source)