Chrome Zero Day Vulnerability - Why You Should Update Google Chrome Immediately
On October 31, 2019, Google disclosed two serious vulnerabilities for the Google Chrome browser. If you are using Chrome on your Windows, Mac, or Linux computers, you should run the browser update immediately. The new version of Chrome- 78.0.3904.87 patches the vulnerabilities.
- Both issues are Zero Day vulnerabilities, and what’s called “use-after-free vulnerabilities” a type of memory flaw that can execute malicious code.
- Exploit for CVE-2019-13720 exists in the wild and is being exploited by hackers.
- Hackers could take control of computers by exploiting this vulnerability.
- Upgrading to Chrome- 78.0.3904.87 patches the vulnerability.
What are CVE-2019-13720 and VE-2019-13721, the Chrome zero-day exploit?
These Google Chrome Zero Day vulnerabilities are what’s called “use-after-free vulnerabilities,” which are a type of memory flaw that can be leveraged by hackers to execute malicious code. One affects Chrome's audio component (CVE-2019-13720) while the other affects the PDF (CVE-2019-13721) library. These vulnerabilities can enable an attacker to escalate privileges on an affected system.
How hackers are already taking advantage of the Chrome vulnerability
Google is aware that the exploit for CVE-2019-13720 exists in the wild. Hackers can take control of a user’s computer by exploiting this vulnerability. According to Google’s blog post, "Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on but haven’t yet fixed."
This is similar to vulnerability CVE-2019-5786 discovered in March 2019, which could allow hackers to perform what’s called a “Remote Control Execution” where the attackers can install malware without any knowledge of the user.
Is this Google Chrome zero-day vulnerability serious?
Google considers the severity of these issues as high and urges users to upgrade to the most recent version of Chrome. This vulnerability is being used by hackers and can allow them to take control of an affected computer. Users can upgrade to the latest version of Chrome by opening Chrome and clicking on the three buttons to the right of the URL bar and click on Click Update Google Chrome in the drop-down menu. If you do not see this option, you are running the latest version of Chrome.
Why it’s important to update Google Chrome immediately
As mentioned, the exploit for CVE-2019-13720 exists in the wild and is being used by hackers. This means they can potentially take over an infected computer and possibly install more malware on the machine. This is a good example why it is critical to run and install software updates as soon as they are released.
Cyber threats have evolved, and so have we.
Norton 360™ with LifeLock™, all-in-one, comprehensive protection against viruses, malware, identity theft, online tracking and much, much more.
Try Norton 360 with Lifelock.
Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc.
Want more?
Follow us for all the latest news, tips and updates.