New Chromium Zero-Day bug under exploitation in the wild

By ircrp | ircrp | 26 Oct 2020


 

Users of Chromium-based browsers such as Chrome, Brave, Netbox and many more are advised to upgrade their browser. A new vulnerability, tracked as CVE-2020-15999, is currently thought to put Chromium users at very high risk. Its details have not yet been disclosed to the public, but early reports point to a potential heap buffer overflow in the FreeType rendering library, which is included by default in Chromium distributions.

 

  • To check your version of Chromium in Chrome, Brave or Netbox, simply navigate to about://version
    • Ensure the version is at least 86.0.4240.111
  • The vulnerability was first reported on 19 October 2020 by Sergei Glazunov, working for Google Project Zero. It is thought to allow attackers arbitrary code execution (ACE) and was already being actively exploited in the wild at the time.
  • Although Google has not disclosed the full details of the vulnerability, it has highlighted that the vulnerability lies within FreeType. Because FreeType is an open source project, this could lead to new attackers reverse engineering the code and coming up with their own exploits within days.
  • The operating system is thought to offer little protection in this case, with attacks reported as being carried out on Mac, Windows and Linux machines.
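
The version check above can be automated when many machines need to be verified. The following is an added example, not part of the original post: it compares version strings numerically against the 86.0.4240.111 baseline, since a plain string comparison would wrongly rank 86.0.4240.99 above it. The host names and the inventory format are constructed for illustration.

```python
import re

# Patched Chromium baseline stated in the advisory above.
PATCHED = (86, 0, 4240, 111)

# Four dot-separated numeric components, as shown on about://version.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_chromium_version(text):
    """Return the first 4-part version found in text as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(part) for part in m.groups()) if m else None


def is_patched(text, baseline=PATCHED):
    """True if the version is >= baseline, False if older, None if unparseable."""
    v = parse_chromium_version(text)
    return None if v is None else v >= baseline


def audit(inventory_lines):
    """Map each host in 'host,version string' lines to ok / UPDATE / unknown."""
    labels = {True: "ok", False: "UPDATE", None: "unknown"}
    results = {}
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comments
        host, _, version_text = line.partition(",")
        results[host.strip()] = labels[is_patched(version_text)]
    return results


# Constructed sample inventory (hosts and reported strings are made up).
SAMPLE = """\
# host,chromium version string
ws-01,Chromium 86.0.4240.75
ws-02,Google Chrome 86.0.4240.111 (Official Build)
ws-03,86.0.4240.99
ws-04,87.0.4280.20
ws-05,version not reported
""".splitlines()

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" should be checked by hand rather than assumed patched.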

 
