A new zero-day vulnerability has been discovered in Google Chrome that allows memory corruption.
The vulnerability exists in Chrome’s ‘FreeType’ font rendering library, which handles all the fonts you see in Chrome and the way they are displayed on websites.
A memory corruption attack lets an attacker exploit a program’s deficiencies to overwrite parts of memory, causing the program to behave in a way that was not intended. This memory corruption attack (a heap buffer overflow) allows on-the-fly code execution, letting attackers deliver a malicious package via your browser and execute code from within Chrome, potentially giving them access to your details and passwords.
Google has already released a fix for this exploit along with 4 other bugs, 3 of which were marked as ‘high-risk’. Security researchers are urging other companies that use the FreeType library (such as Twitter) to ensure that their systems are not compromised by the same bug.
Although the Chrome web browser automatically notifies users about the latest available version, users are advised to trigger the update process manually by going to “Help > About Google Chrome” from the menu in the top right of the screen.
We urge everyone to keep all their programs up to date with the latest versions and security fixes, as it could mean the difference between a successful attack and a failed one.