A new vulnerability with no patches or patches were created, and which is used to carry out an attack. The name Zero day is because there is no patch yet to mitigate the exploitation of the vulnerability. These are sometimes used in conjunction with Trojans, rootkits, viruses, worms, and other types of malware, to help them spread and infect more computers.
You can think of computer software as having the structure of a metal mesh door, it is made up of millions of interwoven lines of code. With the exception that, in the case of software, the interweaving of such threads is usually quite complicated, instead of looking like a simple mesh, it would more closely resemble a plate of spaghetti. This often makes it quite difficult to find weak spots within your code. Even automated verification tools sometimes have problems analyzing code.
Google has patched a Zero Day security vulnerability in its web browser, by updating the stable channel to a new version 86.0.4240.111 of Chrome for Windows, Mac and Linux. The vulnerability has been labeled CVE-2020-15999 and lies in the FreeType font rendering library. The failure is critical and was being actively exploited.
The Google Project Zero security team looking for these types of vulnerabilities discovered the bug which is classified as a type of memory corruption flaw called Stack Buffer Overflow in FreeType, this company reported the vulnerability to Google on Monday and a a day later, it was already resolved, because it was a critical vulnerability subject to a seven-day public disclosure period due to being under active exploitation.
Google has taken advantage of the Chrome update to patch four other vulnerabilities, three high risk, CVE-2020-16000, CVE-2020-16001 and CVE-2020-16002, and another medium risk CVE-2020-16003. In the last 12 months, Google has patched three Zero Day vulnerabilities in its Chrome browser. These vulnerabilities are not a joke and the truth is that they are quite serious and exploitation of the one that affects FreeType, users are strongly recommended to install the latest version of Google Chrome or update through the function installed in the browser in Settings> Help> Google Chrome Information.
Zero day vulnerabilities is a new vulnerability for which no patches or patches were created, and which is used to carry out an attack. The name 0-day (day zero) is because there is no patch yet to mitigate the exploitation of the vulnerability. These are sometimes used in conjunction with Trojans, rootkits, viruses, worms, and other types of malware, to help them spread and infect more computers.
