CVE-2020-15999 Chrome Freetype 0day
Attacker Value: Very High
Description
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Ratings
Attacker Value: Very High
Technical Analysis
Good SECPod blog on the vulnerability, also showing this is being actively exploited.
https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/?utm_source=Chrome%20Zero-Day%20October&utm_medium=Email&utm_campaign=Google%20Chrome%20Zero-Day%20October
Ratings
Attacker Value: Very High
Technical Analysis
The generally short shelf life of many browser vulnerabilities is offset by their value to attackers—and in some cases very nicely offset. This Chrome 0day arises from a heap buffer overflow in FreeType, a commonly-used open-source font engine. The public availability of patch details significantly improves shelf life calculus for attackers and exploit developers.
General Information
Vendors
- debian
- fedoraproject
- freetype
- google
- opensuse
Products
- backports sle 15.0
- chrome
- debian linux 10.0
- fedora 31
- freetype
Exploited in the Wild
- News Article or Blog (https://www.tenable.com/blog/cve-2020-15999-cve-2020-17087-google-chrome-microsoft-windows-kernel-zero-day-vulnerabilities-exploited-in-wild-along-with-cve-2020-16009)
- Other: Google EITW Root Cause Analysis (https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2020/CVE-2020-15999.html)
Technical Analysis
Description
On October 20, 2020, Ben Hawkes of Google’s Project Zero warned Chrome users that Google had observed active exploitation of a zero-day in Chrome’s implementation of FreeType, a popular open-source font rendering library. As of October 20, the Chrome team has a new release out that includes a fix for the zero-day vulnerability, which is listed as a heap buffer overflow.
Rapid7 analysis
Like many zero-days, CVE-2020-15999 is an active threat. While Google itself rarely releases in-depth technical information on recent zero-day vulnerabilities in its software, FreeType’s bug tracker and source code are public and include details on the vulnerability’s fix, which greatly simplifies attacker efforts to reverse engineer the zero-day and accelerate exploit development.
Guidance
Upgrade Google Chrome to the latest stable version (86.0.4240.111) as quickly as possible. See Google’s advisory for further details.
While the zero-day (exploit) disclosed in the advisory is specific to Google Chrome, other FreeType implementations may also be affected by CVE-2020-15999, and FreeType users are strongly advised to upgrade to the latest stable version. See FreeType’s bug tracker for further information.
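The guidance above names the first fixed Chrome build, 86.0.4240.111. As an added example (not part of the AttackerKB entry or Rapid7's analysis), the following Python script turns that into a repeatable check: it parses a browser version string and compares it component by component against the fixed build, which matters because a plain string comparison ranks 86.0.4240.75 above 86.0.4240.111. The `google-chrome` binary name and the sample version lines are assumptions constructed for the example; only the fixed version comes from the page.

```python
"""Added example: flag Chrome/Chromium builds older than the CVE-2020-15999 fix.

The fixed build (86.0.4240.111) is taken from the advisory text above; the
binary name and the sample version strings below are assumptions.
"""
import re
import subprocess
from typing import Optional, Tuple

FIXED_VERSION = "86.0.4240.111"  # first Chrome stable build with the FreeType fix

Version = Tuple[int, ...]


def parse_version(text: str) -> Optional[Version]:
    """Pull the first dotted numeric version out of strings such as
    'Google Chrome 86.0.4240.75' or 'Chromium 86.0.4240.198 snap'."""
    match = re.search(r"\b(\d+(?:\.\d+)+)\b", text)
    if match is None:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def compare_versions(left: Version, right: Version) -> int:
    """Component-wise numeric compare; missing trailing components count as 0.
    Returns -1, 0 or 1. A plain string compare would rank '75' above '111'."""
    width = max(len(left), len(right))
    left = left + (0,) * (width - len(left))
    right = right + (0,) * (width - len(right))
    return (left > right) - (left < right)


def is_vulnerable(version_text: str, fixed: str = FIXED_VERSION) -> Optional[bool]:
    """True if the build predates the fix, False if fixed, None if unparseable."""
    found = parse_version(version_text)
    fixed_version = parse_version(fixed)
    if found is None or fixed_version is None:
        return None
    return compare_versions(found, fixed_version) < 0


def installed_chrome_version(binary: str = "google-chrome") -> Optional[str]:
    """Ask the local browser binary for its version string (assumed binary name);
    returns None when the binary is missing or does not answer."""
    try:
        result = subprocess.run([binary, "--version"], capture_output=True,
                                text=True, timeout=10, check=False)
    except (subprocess.TimeoutExpired, OSError):
        return None
    return result.stdout.strip() or None


# Constructed sample output lines, not captured from real systems.
SAMPLE_OUTPUTS = [
    "Google Chrome 86.0.4240.75",
    "Google Chrome 86.0.4240.111",
    "Chromium 86.0.4240.198 snap",
    "Google Chrome 85.0.4183.121",
    "command not found",
]


def triage(lines) -> dict:
    """Map each version line to 'vulnerable', 'fixed' or 'unknown'."""
    labels = {True: "vulnerable", False: "fixed", None: "unknown"}
    return {line: labels[is_vulnerable(line)] for line in lines}


if __name__ == "__main__":
    for line, verdict in triage(SAMPLE_OUTPUTS).items():
        print(f"{verdict:10s} {line}")
    live = installed_chrome_version()
    if live is not None:
        print(f"{triage([live])[live]:10s} {live} (installed)")
```

Run it on a Linux host to see the verdict for the constructed samples and, if a `google-chrome` binary is present, for the installed build; the same `is_vulnerable` function can be pointed at version strings collected by an inventory tool. An "unknown" verdict (unparseable output) should be treated as unresolved rather than as fixed.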
Firefox version 83 fixes this zero-day vulnerability. The bug could only be exploited if a rarely used, hidden preference is toggled. It only affects the Linux and Android operating systems. More details here: https://bugs.chromium.org/p/chromium/issues/detail?id=1139963