Chrome and Chrome OS 86 have been out in the world for a couple of weeks now, but it appears that the update arrived with a critical weakness. A zero-day vulnerability was discovered in the browser and the Chrome OS operating system that could result in the corruption of the system’s memory. The bug was found in the FreeType font library that ships with Chrome by default. While these types of bugs are common, Google has stated that it is aware of an “in the wild” exploit for CVE-2020-15999. That means a system was attacked using the vulnerability created by this bug before developers could identify and patch the hole.
Before you panic, there’s a quick and easy fix for this vulnerability. Google has already rolled out an update to Chrome and Chrome OS 86 that contains a fix for CVE-2020-15999 as well as other security fixes. To ensure that your Chromebook, PC or Mac is protected, all you need to do is make sure you are updated to the latest version. There are a handful of Chrome OS devices that are still stuck on Chrome OS 85, but you shouldn’t have to worry, as this vulnerability was part of the Chrome OS 86 update that rolled out last week.
On Chrome OS, head to your device settings by clicking the system tray at the bottom-right of your screen. Click the gear icon and that will open your settings. Click “About Chrome OS” on the left-hand menu and then you should see a button that says “check for updates.” Click that and your device should start downloading the latest version of Chrome OS 86 and, along with it, the patch for this bug. Once it’s finished, make sure to restart your device to complete the update.
On Windows, Linux and macOS, open the Chrome browser and click the three-dot menu at the top-right of the window. Click “Help” and then “About Google Chrome.” You should see a similar option to check for updates. Download the update, install it and restart the browser. Now you’re all set and you won’t have to worry about this nasty little bug. For Chrome OS users, the latest version of 86 should look like this: 86.0.4240.112. For desktop, your new version should be 86.0.4240.111. This is why it’s always important to make sure your browser and software are up to date. Stay safe out there.
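If you look after more than one machine, the same version check can be scripted. The following is an added example, not part of the original article: it compares reported Chrome versions against the two patched builds listed above. The inventory format, hostnames and function names are assumptions made for illustration.

```python
import re

# Patched builds as listed in the article for CVE-2020-15999.
FIXED_BUILD = {
    "desktop": (86, 0, 4240, 111),   # Windows, Linux, macOS
    "chromeos": (86, 0, 4240, 112),
}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract a four-part Chrome version from text as a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def has_fix(platform, version_text):
    """True if the reported build is at or above the patched build for platform.

    Comparison is numeric per component: as strings, "86.0.4240.75" would sort
    after "86.0.4240.111" and be wrongly reported as patched.
    """
    version = parse_version(version_text)
    if version is None:
        raise ValueError(f"no Chrome version found in {version_text!r}")
    return version >= FIXED_BUILD[platform]


def audit(inventory):
    """Return hostnames whose reported build is below the patched build."""
    return [host for host, platform, text in inventory
            if not has_fix(platform, text)]


# Constructed sample inventory (hostnames and reported versions are made up).
SAMPLE = [
    ("laptop-01", "desktop", "Google Chrome 86.0.4240.75"),
    ("laptop-02", "desktop", "Google Chrome 86.0.4240.111"),
    ("cb-01", "chromeos", "86.0.4240.111"),
    ("cb-02", "chromeos", "86.0.4240.112"),
    ("mac-01", "desktop", "Google Chrome 87.0.4280.66"),
]

if __name__ == "__main__":
    for host in audit(SAMPLE):
        print(f"{host}: below patched build, update and restart")
```

The version string shown on the “About” page only changes after the restart, so collect it once the browser or device has been relaunched.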