Attacker Value
Very High
(2 users assessed)
Exploitability
Unknown
(2 users assessed)
User Interaction
Required
Privileges Required
None
Attack Vector
Network
8

CVE-2020-15999 Chrome Freetype 0day

Disclosure Date: November 03, 2020
CVE-2020-15999 CVSS v3 Base Score: 6.5
Exploited in the Wild
Reported by ccondon-r7 and 1 more...
View Source Details
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Add Assessment

1
Ratings
  • Attacker Value
    Very High
Technical Analysis

The generally short shelf life of many browser vulnerabilities is offset by their value to attackers—and in some cases very nicely offset. This Chrome 0day arises from a heap buffer overflow in FreeType, a commonly-used open-source font engine. The public availability of patch details significantly improves shelf life calculus for attackers and exploit developers.

Log in to Add Reply
CVSS V3 Severity and Metrics
Base Score:
6.5 Medium
Impact Score:
3.6
Exploitability Score:
2.8
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
Required
Scope (S):
Unchanged
Confidentiality (C):
None
Integrity (I):
None
Availability (A):
High

General Information

Offensive Application
exploit
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
Chrome 86.0.4240.111
Prerequisites
Unknown
Discovered By
Sergei Glazunov, Google Project Zero
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Sergei Glazunov, Google Project Zero

Vendors

  • debian,
  • fedoraproject,
  • freetype,
  • google,
  • opensuse

Products

  • backports sle 15.0,
  • chrome,
  • debian linux 10.0,
  • fedora 31,
  • freetype
Technical Analysis

Description

On October 20, 2020, Ben Hawkes of Google’s Project Zero warned Chrome users that Google had observed active exploitation of a zero-day in Chrome’s implementation of FreeType, a popular open-source font rendering library. As of October 20, the Chrome team has a new release out that includes a fix for the zero-day vulnerability, which is listed as a heap buffer overflow.

Rapid7 analysis

Like many zero-days, CVE-2020-15999 is an active threat. While Google itself rarely releases in-depth technical information on recent zero-day vulnerabilities in its software, FreeType’s bug tracker and source code are public and include details on the vulnerability’s fix, which greatly simplifies attacker efforts to reverse engineer the zero-day and accelerate exploit development.

Guidance

Upgrade Google Chrome to the latest stable version (86.0.4240.111) as quickly as possible. See Google’s advisory for further details.

While the zero-day (exploit) disclosed in the advisory is specific to Google Chrome, other FreeType implementations may also be affected by CVE-2020-15999, and FreeType users are strongly advised to upgrade to the latest stable version. See FreeType’s bug tracker for further information.