Google pushes out urgent Chrome update to patch actively exploited zero-day vulnerabilities

7 Comments

Chrome warning tape

Users of Chrome are being urged to update their browsers as Google is rolling out a patch for two serious zero-day vulnerabilities, one of which is already being actively exploited.

The Chrome security team says that both vulnerabilities are use-after-free security issues which can be used to exploit arbitrary code. One vulnerability exists in an audio component of the browser, while the other can be found in the PDFium library. The Windows, macOS and Linux versions of Chrome are all affected.

See also:

The Center for Internet Security warns that "multiple vulnerabilities have been discovered in Google Chrome", and says that both CVE-2019-13720 and CVE-2019-13721 have a High severity rating, It goes on to explain that: "Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser, obtain sensitive information, bypass security restrictions and perform unauthorized actions, or cause denial-of-service conditions".

In a blog post, the Google Chrome team says that version 78.0.3904.87 is being rolled out to the stable channel to address the problems:

This update includes 2 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$7500][1013868] High CVE-2019-13721: Use-after-free in PDFium. Reported by banananapenguin on 2019-10-12

[$TBD][1019226] High CVE-2019-13720: Use-after-free in audio. Reported by Anton Ivanov and Alexey Kulaev at Kaspersky Labs on 2019-10-29

Google is aware of reports that an exploit for CVE-2019-13720 exists in the wild.

Because of the active exploitation of one of the vulnerabilities, full details of the security flaws are not being disclosed at the moment.

Image credit: kruche_Gucci / Shutterstock

7 Comments

7 Responses to Google pushes out urgent Chrome update to patch actively exploited zero-day vulnerabilities

Got News? Contact Us

Recent Headlines

Cisco warns of serious CLI command injection vulnerability in its Integrated Management Controller

The next Bitcoin halving is imminent and price volatility is likely

The stunning Windows 13 -- yes, 13! -- is the Microsoft operating system we want

Microsoft tries to calm fears after Edge update also appeared to install Copilot in Windows Server

MenteeBot is an AI-powered humanoid robot coming to your home and workplace in 2025

CISOs not changing priorities in response to AI threats

80 percent of companies don't have sufficient cyber insurance

Most Commented Stories

Say goodbye to Microsoft Windows 11 and hello to Nitrux Linux 3.4.0 'pl'

60 Comments

Windows 11 slammed for its 'comically bad' performance even on high-end hardware

18 Comments

Outrageous: Microsoft to charge $61 for Windows 10 updates -- consider switching to Linux!

17 Comments

Microsoft is up to its old tricks yet again -- Windows 10 users harassed with full-screen Windows 11 upgrade warnings

16 Comments

Microsoft 'improves' Windows 11 by bringing ads to the Start menu in the US

15 Comments

Easter giveaway! Get a licensed copy of 'VideoProc Converter for Windows/Mac' (worth $78.90) for FREE

10 Comments

EndeavourOS ARM discontinued: A huge loss for the Linux community

9 Comments

Install the KB5035942 update for Windows 11 to gain all of the Moment 5 features right now

8 Comments

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.