Blog
Sushmita Kalashikar

Have you updated your browser yet? Severe Chrome Zero-day vulnerability getting actively exploited

November 4, 2019
0
Estimated reading time: 2 minutes

Attention! Are you using Chrome as your web browsing software on your Windows, Linux and Mac? High time you update your browser!!

That’s right. With Google recently releasing Chrome version 78.0.3904.87 for Windows, Mac, and Linux, there come’s an urgent warning, requesting billions of users to update their software immediately. The warning comes after news of hackers exploiting two high-severity zero-day vulnerabilities. Apparently, the new Chrome version addresses these vulnerabilities.

What are these zero-day vulnerabilities?

According to Google, the following 2 zero-day vulnerabilities have been detected:

  • CVE-2019-13720 – This is basically a use-after-free-bug that has been detected in the audio component of Chrome.
  • CVE-2019-13721 – This again is a user-after-free security vulnerability and affects the PDFium library. This is basically used to view and generate PDF files in your browser, a feature that is commonly required by users.

How do these vulnerabilities work?

user-after-free security vulnerability is basically a memory-corruption flaw that allows modification or corruption of memory data, allowing a hacker to take control of an affected software or system. All that the remote attackers need to do, is to escalate privileges on your Chrome web browser by convincing you to click and visit a malicious website. This instantly allows attackers to run malicious code on your affected system while bypassing any sandbox protections.

How can you protect yourself?

The use-after-free vulnerability has been existing in the wild for quite some time now and is one of the most commonly discovered vulnerabilities. Thus, the chances of it reappearing in frequent periods are high.

Thankfully, Google has already released an update for this new Chrome version, to patch this active zero-day vulnerability and the stable channel has been updated to 78.0.3904.87. So now, all you need to do is to Click on the update arrow visible at the top-right corner of Chrome browser. Once you have successfully updated to the latest version of Chrome across your desktop and mobile, you will become safe from these vulnerabilities.

Such security bugs and vulnerabilities are bound to appear and reappear from time to time. It is for this reason that Quick Heal strongly recommends that you keep your web browser and security products up-to-date and follow best security practices for optimum defense against the rising/evolving threats and zero-day vulnerabilities.

 

Have something to add to this story? Share it in the comments.

Sushmita Kalashikar
About Sushmita Kalashikar
Sushmita is the content strategist for Quick Heal, with a passion for creative and technical writing. She is also a published author on...
Articles by Sushmita Kalashikar »

No Comments, Be The First!

Your email address will not be published.

CAPTCHA Image