Zero-day vulnerability has been named by researchers "CVE-2020-15999”And is described as error affecting memory in the FreeType font rendering library, which is available in standard Chrome distributions.
His security researchers Project Zero (Google Internal Security Team) located attacks exploiting the zero-day vulnerability in FreeType.
According to the head of the Project Zero team, Ben Hawkes, there is at least one hacking team that exploits this bug to aim users of Chrome.
Hawkes urges even vendors of other applications, using the same FreeType library, to update their software as well, as attackers may decide to move attacks and target other applications. That's why Google released it yesterday FreeType 2.10.4, to help vendors fix vulnerabilities.
With regard to users of Chrome, can download the new version v86.0.4240.111 via the browser's built-in updates (go to the Chrome menu, click "Help" and go to the "About Google Chrome" section).
No details on zero-day have been released at this time vulnerability CVE-2020-15999. Google usually avoids posting technical details for months to give users enough time to update their systems without risking attacks (as long as it passes through the hand of the company).
However, since the patch for zero-day vulnerability is visible to FreeType source code (an open source project), attackers could reverse-engineer and find their own exploits within the next few days-weeks.
According to ZDNet, vulnerability CVE-2020-15999 is the third error this type (zero-day) in Google Chrome, used by hackers The last year. The two previous ones were the CVE-2019-13720 (October 2019) and CVE-2020-6418 (February 2020).