Google Chrome Plagued by Zero Day Flaw Which is Under Active Exploitation

  • Update your Chrome browser immediately, as a flaw discovered by Kaspersky Labs is under active exploitation.
  • Not many technical details have been released yet, as people need time to update their software.
  • The two flaws are similar to another actively exploited zero-day that was discovered back in March.

Chrome users on macOS, Linux, and Windows should update their browser immediately to version 78.0.3904.87. Anything older than that is plagued by two "use-after-free" vulnerabilities. The first one is "CVE-2019-13720" and concerns the browser’s audio component, while the second one is "CVE-2019-13721" and lies in PDFium. According to Google, the flaw in the audio component is being actively exploited in the wild right now and can lead to computer hijacking.

While no technical details have been disclosed yet, both vulnerabilities involve memory being accessed after it has been freed. This can open the door to arbitrary remote code execution, which can potentially lead to a step-by-step system takeover. In other cases, Chrome or one of its tabs may be forced to crash. Google says that once the majority of users have upgraded to the latest version, it will consider sharing more technical information about the flaws. Those using Chrome-based browsers like Brave, Vivaldi, and Opera will get the bug-fixing update a bit later.

The exploited bug was discovered and reported to Google by Anton Ivanov and Alexey Kulaev, who are researchers at Kaspersky Labs. These new flaws remind us of a similar situation that plagued the v72 branch. Back then, CVE-2019-5786 was also a "use-after-free" vulnerability, and it too was under exploitation at the time of its discovery. Google couldn’t tell how long the attackers had been exploiting that bug, and the case is the same today. This practically means that Chrome users could have been affected by this attack for many months now, and no one even knew about it.

Chrome and Chrome-based browsers fetch and install available updates automatically. However, if for any reason you are still using an older version, go to Chrome's settings panel and select "About Chrome". There you’ll see the browser version, and the software will check for any available updates.
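
When many machines need checking rather than one, the comparison against 78.0.3904.87 can be scripted. The following is an added example and not part of the original article; the `host: version output` inventory format and the sample lines are constructed assumptions.

```python
import re

# First fixed release named in the article.
PATCHED = (78, 0, 3904, 87)

# Matches a four-part version such as the one `google-chrome --version` prints.
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the version as a tuple of ints, or None if none is present."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(line):
    """Classify one 'host: <version output>' inventory line (assumed format)."""
    host, _, output = line.partition(":")
    host, output = host.strip(), output.strip()
    # Other Chromium-based browsers may use their own release numbers, so
    # only Chrome's own version string is compared against PATCHED.
    if not output.startswith("Google Chrome"):
        return host, "unknown"
    version = parse_version(output)
    if version is None:
        return host, "unknown"
    # Tuple comparison is numeric per component; a string comparison
    # would wrongly rank 78.0.3904.9 above 78.0.3904.87.
    return host, "patched" if version >= PATCHED else "vulnerable"


# Constructed sample inventory, not real data.
SAMPLE = """\
ws-01: Google Chrome 78.0.3904.70
ws-02: Google Chrome 78.0.3904.87
ws-03: Google Chrome 78.0.3904.9
ws-04: Google Chrome 79.0.3945.16 beta
ws-05: Vivaldi 2.9.1705.38
ws-06: command not found
"""


def audit(inventory):
    """Map each host in the inventory text to its status."""
    return dict(classify(l) for l in inventory.splitlines() if l.strip())


if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}\t{status}")
```

Hosts reported as `unknown` need a manual check, either because the version output could not be parsed or because the browser is not Chrome itself.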

Are you using Chrome, or do you prefer another browser? Let us know in the comments down below, or on our socials, on Facebook and Twitter.
