
html5 web font security


Are there any security risks associated with loading web fonts?

Our corporate IE policy prohibits downloading web fonts. I'd like to change that policy but I can't find any solid information about what the security risks are.

Are web fonts actually installed on the PC or are they just handled and rendered by the browser? If the latter, I don't see why it would be any riskier than processing any other web resource (images, js files, etc).

Thanks


Solution

  • There was a vulnerability rendering TTF in 2011 and another in 2015, which could allow remote code execution.

    The Windows Kernel would appear to have issues with font rendering. Non-TTF fonts don't have any known vulnerabilities that I have been able to find, but they may exist.