Security News > 2020 > October > Google Patches Actively-Exploited Zero-Day Bug in Chrome Browser
Google released an update to its Chrome browser that patches a zero-day vulnerability in the software's FreeType font rendering library that was actively being exploited in the wild.
Security researcher Sergei Glazunov of Google Project Zero discovered the bug which is classified as a type of memory-corruption flaw called a heap buffer overflow in FreeType.
Still, Ben Hawkes, technical lead for the Project Zero team, warned that while Google researchers only observed the Chrome exploit, it's possible that other implementations of FreeType might be vulnerable as well since Google was so quick in its response to the bug.
In addition to the FreeType zero day, Google patched four other bugs-three of high risk and one of medium risk-in the Chrome update released this week.
So far in the last 12 months Google has patched three zero-day vulnerabilities in its Chrome browser.
News URL
https://threatpost.com/google-patches-zero-day-browser/160393/
Related news
- Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day (source)
- Firefox Zero-Day Under Attack: Update Your Browser Immediately (source)
- Google: 70% of exploited flaws disclosed in 2023 were zero-days (source)
- Google to let businesses create curated Chrome Web Stores for extensions (source)
- How to enable Safe Browsing in Google Chrome on Android (source)
- Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices (source)
- New tool bypasses Google Chrome’s new cookie encryption system (source)
- Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine (source)
- Google fixes two Android zero-days used in targeted attacks (source)
- Google says “Enhanced protection” feature in Chrome now uses AI (source)