Google has released Chrome 86.0.4240.111 today, October 20th, 2020, to the Stable desktop channel to address five security vulnerabilities, one of them an actively exploited zero-day bug.“Google is aware of reports that an exploit for CVE-2020-15999 exists in the wild,” the Google Chrome 86.0.4240.111 announcement reads.This version is rolling out to the entire userbase during the next days/weeks. Windows, Mac, and Linux desktop users can upgrade to Chrome 86 by going to Settings -> Help -> About Google Chrome.The Google Chrome web browser will then automatically check for the new update and install it when available.
Freetype zero-day bug under active exploitation
“Project Zero discovered and reported an actively exploited 0day in freetype that was being used to target Chrome,” said Ben Hawkes, technical team lead of Google’s ‘Project Zero’ security research team.“While we only saw an exploit for Chrome, other users of freetype should adopt the fix discussed here: https://savannah.nongnu.org/bugs/?59308 — the fix is also in today’s stable release of FreeType 2.10.4,” Hawkes added.The heap buffer overflow zero-day bug found in the popular FreeType text rendering library has been reported by Google Project Zero’s Sergei Glazunov on October 19.According to Glazunov’s report, the vulnerability “exists in the function `Load_SBit_Png`, which processes PNG images embedded into fonts.”The Load_SBit_Png FreeType function:
1) Obtains the image width and height from the header as 32-bit integers.
2) Truncates the obtained values to 16 bit and stores them in a `TT_SBit_Metrics` structure.
3) Uses the truncated values to calculate the bitmap size.
4) Allocates the backing store of that size.
5) Passes `png_struct` and the backing store to a libpng function.
“The issue is that libpng uses the original 32-bit values, which are saved in `png_struct`,” Glazunov further explained. “Therefore, if the original width and/or height are greater than 65535, the allocated buffer won’t be able to fit the bitmap.”
Full technical details for this actively exploited zero-day vulnerability should be released on Project Zero’s issue tracker on October 26.
Four other security flaws addressed
Google also fixed three other high severity security vulnerabilities and a medium severity flaw in Chrome 86.0.4240.111:• CVE-2020-16000: Inappropriate implementation in Blink (reported by amaebi_jp on September 6)
• CVE-2020-16001: Use after free in media (reported by Khalil Zhani on October 15)
• CVE-2020-16002: Use after free in PDFium (reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi’anxin Group on October 13)
• CVE-2020-16003: Use after free in printing (reported by Khalil Zhani on October 4)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.