Google Chrome Plagued by Zero Day Flaw Which is Under Active Exploitation

  • Update your Chrome browser immediately, as a flaw discovered by Kaspersky Labs is under active exploitation.
  • Not many technical details have been released yet, as people need time to update their software.
  • The two flaws are similar to another actively exploited zero-day that was discovered back in March.

Chrome users on macOS, Linux, and Windows should update their browser immediately to version 78.0.3904.87. Anything older than that is plagued by two "use-after-free" vulnerabilities that are being exploited in the wild right now. The first one is "CVE-2019-13720" and concerns the browser’s audio component, while the second one is "CVE-2019-13721" and lies in PDFium. According to Google, the flaw in the audio component is being actively exploited in the wild right now and can lead to computer hijacking.

While no technical details have been disclosed yet, a use-after-free vulnerability lets an attacker access memory after it has been freed. This can open the door to arbitrary remote code execution, which can potentially lead to a step-by-step system takeover. In other cases, Chrome or one of its tabs may be forced to crash. Google says that after the majority of users upgrade to the latest version, it will consider sharing more technical information regarding the flaws. Moreover, those using Chrome-based browsers like Brave, Vivaldi, and Opera will get the bug-fixing update a bit later.

The exploited bug was discovered and reported to Google by Anton Ivanov and Alexey Kulaev, who are researchers at Kaspersky Labs. These new flaws remind us of a similar situation that plagued the v72 branch. Back then, CVE-2019-5786 was again a "use-after-free" vulnerability, which was again under exploitation at the time of its discovery. Google couldn’t tell for how long the attackers had been exploiting that bug, and the case is the same today. This practically means that Chrome users could have been affected by this attack for many months now without anyone knowing about it.

Chrome and Chrome-based browsers fetch and install available patches automatically. However, if for any reason you are still using an older version, go to Chrome's settings panel and select "About Chrome". There you’ll see the browser version, and the software will check for any available updates.

Are you using Chrome, or do you prefer another browser? Let us know in the comments down below, or on our socials, on Facebook and Twitter.
