Google has recently released Chrome version 86.0.4240.111 to patch several holes. One of the fixes is for a zero-day flaw, meaning a vulnerability that is being actively exploited in the wild.
The flaw, officially designated CVE-2020-15999, lies in the way FreeType's Load_SBit_Png function handles PNG images embedded in fonts. FreeType is a popular text rendering library that Chrome uses. According to the bug report filed by Sergei Glazunov, a security researcher from Google’s very own Project Zero team, the function has the following tasks: