Browsers are complicated pieces of software, and each release of Chrome includes fixes to address security flaws discovered both inside and outside of Google. However, there are sometimes security flaws that are frequently exploited before fixes can be widely rolled out, which has just happened with Chrome and Chrome OS.
Google recently fixed a zero-day security vulnerability in Chrome, designated CVE-2020-15999. It’s a memory corruption bug in the FreeType font rendering library that is bundled with Chrome. Project Zero, one of Google’s internal security teams, found evidence that the flaw was being exploited to attack Chrome users. Thankfully, Chrome 86.0.4240.111 began rolling out two days ago with the required security patch. You might already have it on your devices by now, but if not, we have the APK on APKMirror.
Google just brought the fix to Chromebooks today, with the release of Chrome OS 86.0.4240.112. The update also includes a few minor functional changes, including fixes for the ‘Clear all’ button and ‘Pairing lost’ notification, two new flags for modifying the protection level against Spectre, and a few other minor changes.