Google starts rolling out fix for Chrome, Chrome OS security vulnerability

Google's Project Zero found evidence that attackers were exploiting the flaw

Google is rolling out an important security patch for Chrome and Chrome OS users. The patch fixes a zero-day security vulnerability described as a ‘memory corruption bug’ in the FreeType font rendering library included in Chrome.

Google’s Project Zero research team uncovered evidence that attackers were exploiting the flaw in the wild. A patch for the vulnerability, tracked as CVE-2020-15999, started rolling out as part of Chrome 86.0.4240.111 a few days ago. To check for the update on desktop, click the menu button in the top-right corner > Help > About Google Chrome. This will show you what version of Chrome you’re running and give you the option to update if one is available.

On mobile, the process is a little different. Android users should scroll to the Chrome app icon, press and hold it, select ‘App info’ and scroll to the bottom to see the version number. On iOS, open Chrome, tap the three-dot menu button > Settings > Google Chrome to see the version number.

Along with the fix for the security vulnerability, the Chrome update brings a few small tweaks. For one, the update fixes an issue with the ‘Clear all’ button and ‘Pairing lost’ notification. There are also two new Chrome flags (semi-hidden settings users can tweak to customize the browser) that modify protection levels against Spectre.

Source: Android Police