CVE-2020-15999 — Actively Exploited: Chrome FreeType (Google)
Google Chrome uses FreeType, an open-source software library to render fonts, which contains a heap buffer overflow vulnerability in the function Load_SBit_Png when processing PNG images embedded into fonts. This vulnerability is part of an exploit chain with CVE-2020-17087 on Windows and CVE-2020-16010 on Android.
| CVE ID | CVE-2020-15999 |
|---|---|
| Vendor | |
| Product | Chrome FreeType |
| Vulnerability name | Google Chrome FreeType Heap Buffer Overflow Vulnerability |
| Date added | 2021-11-03 |
| Remediation due | 2021-11-17 |
| Known ransomware use | Unknown |
| Required action | Apply updates per vendor instructions. |
| Description | Google Chrome uses FreeType, an open-source software library to render fonts, which contains a heap buffer overflow vulnerability in the function Load_SBit_Png when processing PNG images embedded into fonts. This vulnerability is part of an exploit chain with CVE-2020-17087 on Windows and CVE-2020-16010 on Android. |
| Source | CISA Known Exploited Vulnerabilities |
🔍 Search all exploited vulnerabilities →
$1499/mo
Try ExploitWatch →