Google rolls out Chrome and Chrome OS update to fix 'zero day' security threat

An internal security team of Google, Project Zero, found the bug and released the security patch, the version 86.0.4240.111, on 20 October.


Google has released the Chrome and Chrome OS update that includes a fix to the zero day security threat. Google’s security teams had detected the memory corruption bug in the software for Chrome and have swiftly acted upon it to release the new update. The zero day bug has been dubbed as the CVE-2020-15999 and it was present in the FreeType font rendering library that comes bundled with the standard Chrome software. An internal security team of Google, Project Zero, found the bug and released the security patch, the version 86.0.4240.111, on 20 October.

 Google rolls out Chrome and Chrome OS update to fix zero day security threat

Although the response to deal with the bug was fast, the number of zero-day exploits have fairly increased in recent time.

The update also brings fixes to some minor issues.

Ben Hawkes, leader of Project Zero shared the details and the link to the stable fix release on his Twitter account. He said that the “actively exploited” zero day in FreeType was being used to target Chrome.

The security expert added that although the team spotted the bug in Chrome only, other users of the same FreeType library must check if they have come under the attack or not. He shared the link to the coding program for the bug fix, mentioning that the fix has also been added in the latest stable release of FreeType 2.10.4.

The update is likely to be installed in devices on its own and if that is not the case, people can update to v. 86.0.4240.111 by going to the app’s in-built update option, accessible from the "About Google Chrome" section under "Help" option in the Chrome menu.

Although the response to deal with the bug was fast, the number of zero-day exploits have fairly increased in recent time. According to ZDNet, CVE-2020-15999 was the third Chrome zero-day exploited in the wild in the last one year. The other two were CVE-2019-13720, spotted in October of 2019 and CVE-2020-6418, spotted in February this year.


Find latest and upcoming tech gadgets online on Tech2 Gadgets. Get technology news, gadgets reviews & ratings. Popular gadgets including laptop, tablet and mobile specifications, features, prices, comparison.