Update your browser immediately as Google urgently patches two new Chrome zero-day exploits


Two new zero-day exploits for the current stable version of the Google Chrome browser, one of which is already being used in the wild, have been reported by the National Cyber Security service.

CVE-2019-13720 and CVE-2019-13721 describe two memory corruption vulnerabilities that would allow attackers to execute arbitrary code.

Kaspersky notes:

The exploit used a race condition bug between two threads due to missing proper synchronization between them. It gives an attacker a Use-After-Free (UaF) condition that is very dangerous because it can lead to code execution scenarios, which is exactly what happens in our case.

The first affects Chrome’s audio stack and the other affects the PDFium library, used for PDF document generation and rendering. Kaspersky researchers Anton Ivanov and Alexey Kulaev have confirmed that the audio exploit is already being used in the wild.

Google has released an urgent patch, which updates the Chrome browser to 78.0.3904.87. To see if you have the latest version, go to Help -> About Google Chrome in the browser menu. If the update is not yet installed, opening this page also prompts Chrome to download it.
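For anyone checking more than one machine, the same comparison can be scripted. The following is an added example, not code from the article or from Google: it reads version strings shaped like the one on the About page and flags builds older than 78.0.3904.87. The inventory format, hostnames and sample builds are constructed for illustration, and the check assumes the stable channel.

```python
import re

# Patched stable build named in the article.
PATCHED = "78.0.3904.87"

# Chrome versions have four numeric parts: major.minor.build.patch
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract a four-part Chrome version from free text, or return None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def needs_update(version_text, patched=PATCHED):
    """True if older than the patched build, None if no version was found."""
    found = parse_version(version_text)
    if found is None:
        return None
    # Tuples of ints compare part by part, so .9 sorts below .87.
    return found < parse_version(patched)


def audit(inventory_lines):
    """Map each host to 'outdated', 'up-to-date' or 'unknown'."""
    report = {}
    for line in inventory_lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        host, _, version_text = line.partition(",")
        status = needs_update(version_text)
        report[host.strip()] = (
            "unknown" if status is None
            else "outdated" if status else "up-to-date"
        )
    return report


# Constructed sample inventory: hostnames and builds are made up.
SAMPLE = [
    "# host,version string",
    "ws-01,Google Chrome 78.0.3904.70",
    "ws-02,Google Chrome 78.0.3904.87",
    "ws-03,Google Chrome 78.0.3904.9",  # older than .87 despite '9' > '8' as text
    "ws-04,chrome not installed",
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" need a manual look, since a missing or unparseable version string says nothing about whether the update is installed.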

Via PCMag
