New Chrome 0-day Under Active Attacks – Update Your Browser Now

Correlate

Level 16
Verified
May 4, 2019
721
Attention readers, if you are using Google Chrome browser on your Windows, Mac, or Linux computers, you need to update your web browsing software immediately to the latest version Google released earlier today.

Google released Chrome version 86.0.4240.111 today to patch several high-severity security issues, including a zero-day vulnerability that has been exploited in the wild by attackers to hijack targeted computers.
Tracked as CVE-2020-15999, the actively exploited vulnerability is a type of memory-corruption flaw called heap buffer overflow in FreeType, a popular open-source software development library for rendering fonts that comes packaged with Chrome.
 

Soulbound

Moderator
Verified
Staff member
Jan 14, 2015
1,775
And it looks like something got broken in the meantime, for Chrome not to update since version 86.0.4240.75.

The only way around is to do a clean install.

Update: Chrome update services couldn't start no matter what I did. Installing Chrome over Chrome fixed the issue.

So you either do a clean install (recommended)
or download the latest version and install on top (less desirable).


Soulbound

You're not at risk. OP is causing panic for no reason.

If problems persist, try clean installation of Chrome.
Yeah, that's what I was alerting to: the previous Chrome build sort of messed up the services, and a clean install or install over would fix it.

It's an issue that happens every now and again to random users.

The exact error is:
chrome error code 3: 0x80040154 -- system level
 

Correlate

Google has recently released Chrome version 86.0.4240.111 to patch several holes. One is for a zero-day flaw - that means a vulnerability that is being actively exploited in the wild.

The flaw, which is officially designated as CVE-2020-15999, occurs in the way FreeType handles PNG images embedded in fonts using the Load_SBit_Png function. FreeType is a popular text rendering library that Chrome uses. According to the bug report filed by Sergei Glazunov, a security researcher from Google's very own Project Zero team, the function has the following tasks:
 

Gandalf_The_Grey

Level 42
Verified
Trusted
Content Creator
Apr 24, 2016
3,127

shmu26

Level 85
Verified
Trusted
Content Creator
Jul 3, 2015
7,974
This is also fixed in Brave, Edge, Opera and all other chromium-based browsers that can keep up with Chrome.
So this brings up an interesting but perhaps hard-to-answer question: do most Chrome vulnerabilities affect the other Chromium-based browsers as well, such as the ones you mentioned?
 

Gandalf_The_Grey

So this brings up an interesting but perhaps hard-to-answer question: do most Chrome vulnerabilities affect the other Chromium-based browsers as well, such as the ones you mentioned?
If I focus on Edge and look at the page linked below, yes, they are all affected and follow Chromium security updates.
And they can also have their own vulnerabilities, only one found to be Edge specific:
July 16, 2020
Microsoft has released the latest Microsoft Edge Stable Channel (Version 84.0.522.40), which incorporates the latest Security Updates of the Chromium project. For more information, see the Security Update Guide.

This update contains the following Microsoft Edge-specific update:

CVE-2020-1341
That's why this thread started by @Lenny_Fox was very interesting:
 