← ExploitWatch
HomeExploited Vulnerabilities

CVE-2020-15999 — Actively Exploited: Chrome FreeType (Google)

Google Chrome uses FreeType, an open-source software library to render fonts, which contains a heap buffer overflow vulnerability in the function Load_SBit_Png when processing PNG images embedded into fonts. This vulnerability is part of an exploit chain with CVE-2020-17087 on Windows and CVE-2020-16010 on Android.

CVE IDCVE-2020-15999
VendorGoogle
ProductChrome FreeType
Vulnerability nameGoogle Chrome FreeType Heap Buffer Overflow Vulnerability
Date added2021-11-03
Remediation due2021-11-17
Known ransomware useUnknown
Required actionApply updates per vendor instructions.
DescriptionGoogle Chrome uses FreeType, an open-source software library to render fonts, which contains a heap buffer overflow vulnerability in the function Load_SBit_Png when processing PNG images embedded into fonts. This vulnerability is part of an exploit chain with CVE-2020-17087 on Windows and CVE-2020-16010 on Android.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →