Google has released an updated version of Google Chrome (86.0.4240.111) and warns that it fixes a 0-day vulnerability in the browser that was already under active attack.
The bug was discovered internally by Google Project Zero. It is tracked as CVE-2020-15999 and lies in the FreeType font rendering library bundled with standard Chrome builds.
The bug is a memory corruption issue, specifically a heap buffer overflow triggered while the library parses a font.
“A vulnerability exists in the function `Load_SBit_Png`, which processes PNG images embedded into fonts. The issue is that libpng uses the original 32-bit values, which are saved in `png_struct`. Therefore, if the original width and/or height are greater than 65535, the allocated buffer won’t be able to fit the bitmap,” security researchers write in their description of the issue.
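The description above boils down to a width/height narrowing: the PNG IHDR dimensions are 32-bit, the embedded-bitmap metrics that size the destination buffer are 16-bit, and libpng renders from the original 32-bit values. The following C program is an added illustration of that mismatch, written for this article; it is not FreeType's code, the struct and function names are invented, nothing is actually allocated or overflowed, and the hardened check is our own rather than a copy of the FreeType patch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the embedded-bitmap ("sbit") metrics that are filled
   in while loading a PNG glyph: the width and height fields are 16-bit,
   whereas a PNG IHDR chunk carries 32-bit dimensions. Field and function
   names here are illustrative, not FreeType's own. */
typedef struct {
    uint16_t width;
    uint16_t height;
} SbitMetrics;

/* Bytes libpng will actually write when rendering the image as RGBA8,
   computed from the untruncated IHDR values it keeps in png_struct. */
uint64_t png_bitmap_bytes(uint32_t img_width, uint32_t img_height)
{
    return (uint64_t)img_width * 4u * (uint64_t)img_height;
}

/* Vulnerable pattern: narrow the 32-bit IHDR dimensions into the 16-bit
   metrics, then size the bitmap buffer from the narrowed values.
   Returns the number of bytes that would be allocated. */
uint64_t vulnerable_alloc_bytes(uint32_t img_width, uint32_t img_height,
                                SbitMetrics *metrics)
{
    metrics->width  = (uint16_t)img_width;   /* bits 16..31 silently dropped */
    metrics->height = (uint16_t)img_height;
    return (uint64_t)metrics->width * 4u * (uint64_t)metrics->height;
}

/* 1 if the vulnerable path allocates fewer bytes than libpng will write
   (i.e. a heap buffer overflow), 0 otherwise. No memory is touched. */
int vulnerable_overflows(uint32_t img_width, uint32_t img_height)
{
    SbitMetrics m;
    uint64_t allocated = vulnerable_alloc_bytes(img_width, img_height, &m);
    return png_bitmap_bytes(img_width, img_height) > allocated;
}

/* Hardened pattern (our own check, not the FreeType patch): refuse any IHDR
   dimension that does not survive narrowing to 16 bits, before the metrics
   are populated or a buffer is sized. Returns 1 if accepted, 0 if rejected. */
int hardened_populate(uint32_t img_width, uint32_t img_height,
                      SbitMetrics *metrics)
{
    if (img_width > UINT16_MAX || img_height > UINT16_MAX)
        return 0;                            /* reject: would truncate */
    metrics->width  = (uint16_t)img_width;   /* now lossless */
    metrics->height = (uint16_t)img_height;
    return 1;
}

int main(void)
{
    /* Constructed IHDR dimensions: a benign glyph, and a malicious one whose
       width of 65537 narrows to 1, so the buffer is sized for one column. */
    uint32_t cases[][2] = { { 64, 16 }, { 65537, 16 } };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        SbitMetrics m;
        uint32_t w = cases[i][0], h = cases[i][1];
        printf("IHDR %ux%u: vulnerable path allocates %llu bytes, libpng writes "
               "%llu bytes -> overflow=%d; hardened check accepts=%d\n",
               w, h,
               (unsigned long long)vulnerable_alloc_bytes(w, h, &m),
               (unsigned long long)png_bitmap_bytes(w, h),
               vulnerable_overflows(w, h),
               hardened_populate(w, h, &m));
    }
    return 0;
}
```

The point to take from the run is that a width of exactly 65536 narrows to 0 and 65537 narrows to 1, so the vulnerable allocation is tiny while libpng still writes the full row width; any PNG embedded in a font that crosses the 16-bit boundary is enough to trigger the overflow, which is why the check must happen on the 32-bit values before they are narrowed.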
Project Zero team lead Ben Hawkes writes that attackers are already using this bug against Chrome users and urges other vendors that ship this library to update their software urgently, in case the attackers decide to redirect their attacks to other applications.
“Project Zero discovered and reported an actively exploited 0day in freetype that was used to target Chrome. A stable release that fixes this issue (CVE-2020-15999) is available here. While we only saw an exploit for Chrome, other users of freetype should adopt the fix in today’s stable release of FreeType 2.10.4,” Ben Hawkes posted on Twitter.
Indeed, a patch for this vulnerability was also included in the fresh FreeType release (2.10.4) published this week.
So far, no further details about the exploitation of CVE-2020-15999 have been disclosed. This is common practice for Google: the company’s specialists may withhold the technical details of a vulnerability for months so as not to give attackers hints and to give users time to install updates.
This time, however, the fix is visible in the public source code of the open-source FreeType project. Experts therefore warn that attackers will most likely be able to reverse engineer the bug from the patch and build their own exploits within the next few days.
As a reminder, Google developers recently re-enabled FTP support in Chrome because of the pandemic.