Google Patches Zero-Day Bug in Chrome Browser
Google released an update that patches a zero-day vulnerability in Chrome's FreeType font library. Security researcher Sergei Glazunov at Google Project Zero, discovered the memory-corruption flaw in FreeType. Project Zero is an internal security team at the company responsible for finding zero-day vulnerabilities. Ben Hawkes, technical lead for the Project Zero team, warned that it's possible that other implementations of FreeType might be vulnerable as well.
According to details shared by Glazunov, the vulnerability exists in the FreeType's function Load_SBit_Png, which processes PNG images embedded into fonts. It can be exploited by hackers to execute arbitrary code by using specially crafted fonts with embedded PNG images. The issue is that libpng uses the original 32-bit values, which are saved in png_struct. If the original width and/or height is greater than 65535, the allocated buffer won't be able to fit the bitmap.
Besides Chrome, many other applications and operating systems use FreeType, including iOS, Android, GNU, Linux, and ReactOS. Apple released an update for iOS and iPadOS but did not include any information about security fixes in the descriptions, which is unusual. The full details of the flaw are still not public. Google usually keeps any technical details about flaws for months which gives users enough time to update. Since the patch is visible in the source code of an open source project, FreeType, it's expected that hackers will be able to reverse-engineer their own exploits within days or weeks.
Users are urged by Hawkes to fix the other potential flaws by updating other potentially vulnerable software. Google also released an update, Chrome version 86.0.4240.111, that patches five security issues for Windows, Mac & Linux, which also includes a fix for the zero-day. Users are encouraged to update their Chrome browsers immediately to avoid the flaw.