Chrome 86: new update to close vulnerabilities

The Mountain View group has kicked off the release of an update that brings Chrome's Stable channel to version 86.0.4240.111. No new features: we report the correction of some security problems and above all the intervention on a 0-day vulnerability that according to what has been declared is already forced through exploit.

Chrome 86.0.4240.111: vulnerability resolved, update

The advice is therefore to proceed as soon as possible with the update on desktop platforms: to do this, simply click on the button in the shape of three dots shown in the upper right corner of the interface and then select the entry "Help" and finally "About Google Chrome".



Identified as CVE-2020-15999 (Heap buffer overflow in Freetype), the flaw is described as a memory corruption bug linked to the use of the FreeType library for the management of fonts and was discovered and reported by Google's internal Project Zero team on October 19.

Excellent work Chrome team on a super fast response! https://t.co/Yn0xru5Jvl

- Andrew R. Whalley (@arw) October 20, 2020



The other vulnerabilities fixed by the Chrome update are CVE-2020-16000 (reported September 6), CVE-2020-16001 (October 5), CVE-2020-16002 (October 13) and CVE-2020-16003 (October 4). The 86 Stable release of the browser was released in the first week of the month with new features such as the tool that helps the user to change compromised passwords.

Source: Chrome Releases