Quote:Google released an update to its Chrome browser that patches a zero-day vulnerability in the software’s FreeType font rendering library that was actively being exploited in the wild.
 
Security researcher Sergei Glazunov of Google Project Zero discovered the bug which is classified as a type of memory-corruption flaw called a heap buffer overflow in FreeType. Glazunov informed Google of the vulnerability on Monday.  Project Zero is an internal security team at the company aimed at finding zero-day vulnerabilities.
 
By Tuesday, Google already had released a stable channel update, Chrome version 86.0.4240.111, that deploys five security fixes for Windows, Mac & Linux–among them a fix for the zero-day, which is being tracked as CVE-2020-15999 and is rated as high risk.

“Google is aware of reports that an exploit for CVE-2020-15999 exists in the wild,” Prudhvikumar Bommana of the Google Chrome team wrote in a blog post announcing the update Tuesday. Google did not reveal further details of the active attacks that researchers observed.