New Chrome 0-day Under Active Attacks – Update Your Browser Now

[correlate]

Attention readers, if you are using Google Chrome browser on your Windows, Mac, or Linux computers, you need to update your web browsing software immediately to the latest version Google released earlier today.

Google released Chrome version 86.0.4240.111 today to patch several high-severity security issues, including a zero-day vulnerability that has been exploited in the wild by attackers to hijack targeted computers.
Tracked as CVE-2020-15999, the actively exploited vulnerability is a type of memory-corruption flaw called heap buffer overflow in Freetype, a popular open source software development library for rendering fonts that comes packaged with Chrome.
 

Soulbound

And it looks like something got broken in the meantime for Chrome not to update since version 86.0.4240.75.

The only way around it is to do a clean install.

Update: Chrome update services couldn't start no matter what I did. Installing Chrome over Chrome fixed the issue.

So you either do a clean install - recommended
or download the latest version and install on top - less desirable.


Soulbound

You're not at risk. OP is causing panic for no reason.

If problems persist, try clean installation of Chrome.
Yeah, that's what I was alerting; the previous Chrome build sort of messed up the services, and a clean install or an install over would fix it.

It's an issue that happens every now and again to random users.

The exact error is:
chrome error code 3: 0x80040154 -- system level
 

[correlate]

Google has recently released Chrome version 86.0.4240.111 to patch several holes. One is for a zero-day flaw - that means a vulnerability that is being actively exploited in the wild.

The flaw, which is officially designated as CVE-2020-15999, occurs in the way FreeType handles PNG images embedded in fonts using the Load_SBit_Png function. FreeType is a popular text rendering library that Chrome uses. According to the bug report filed by Sergei Glazunov, a security researcher from Google's very own Project Zero team, the function has the following tasks:
 

Gandalf_The_Grey


shmu26

This is also fixed in Brave, Edge, Opera and all other chromium-based browsers that can keep up with Chrome.
So this brings up an interesting but perhaps hard-to-answer question: do most Chrome vulnerabilities affect the other Chromium-based browsers as well, such as the ones you mentioned?
 

Gandalf_The_Grey

So this brings up an interesting but perhaps hard-to-answer question: do most Chrome vulnerabilities affect the other Chromium-based browsers as well, such as the ones you mentioned?
If I focus on Edge and look at the page linked below, yes, they are all affected and follow Chromium security updates.
And they can also have their own vulnerabilities, only one found to be Edge specific:
July 16, 2020
Microsoft has released the latest Microsoft Edge Stable Channel (Version 84.0.522.40), which incorporates the latest Security Updates of the Chromium project. For more information, see the Security Update Guide.

This update contains the following Microsoft Edge-specific update:

CVE-2020-1341
That's why this thread started by @Lenny_Fox was very interesting:
 
