Security News > 2020 > October > Google Patches Actively-Exploited Zero-Day Bug in Chrome Browser

Google released an update to its Chrome browser that patches a zero-day vulnerability in the software's FreeType font rendering library that was actively being exploited in the wild.
Security researcher Sergei Glazunov of Google Project Zero discovered the bug which is classified as a type of memory-corruption flaw called a heap buffer overflow in FreeType.
Still, Ben Hawkes, technical lead for the Project Zero team, warned that while Google researchers only observed the Chrome exploit, it's possible that other implementations of FreeType might be vulnerable as well since Google was so quick in its response to the bug.
In addition to the FreeType zero day, Google patched four other bugs-three of high risk and one of medium risk-in the Chrome update released this week.
So far in the last 12 months Google has patched three zero-day vulnerabilities in its Chrome browser.
News URL
https://threatpost.com/google-patches-zero-day-browser/160393/
Related news
- Google fixes Chrome zero-day exploited in espionage campaign (source)
- Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking (source)
- Google Chrome's AI-powered security feature rolls out to everyone (source)
- Google Chrome disables uBlock Origin for some in Manifest v3 rollout (source)
- Google fixes Android zero-day exploited by Serbian authorities (source)
- Google Cuts Off uBlock Origin on Chrome as Firefox Stands Firm on Ad Blockers (source)
- Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability (source)
- After Chrome patches zero-day used to target Russians, Firefox splats similar bug (source)