The vulnerability affects Windows 10 and Windows Server releases up to version 20H2, the latest released version. The vulnerability is tracked as CVE-2021-24093 in a high-quality text rendering Windows API named Microsoft DirectWrite. The DirectWrite API is used as the default font rasterizer by major web browsers such as Chrome, Firefox, and Edge for rendering web font glyphs. Attackers can exploit the bug by tricking targets into visiting websites with maliciously crafted TrueType fonts that trigger a heap-based buffer overflow.
Source: https://www.bleepingcomputer.com/news/security/google-shares-poc-exploit-for-critical-windows-10-graphics-rce-bug/