Chrome Security Browser Vulnerabilities

A few days ago, Google Chrome engineers have been scared to death when issues have been raised for all the Google Chrome browsers across all the platforms.

The issues that have made Google Chrome engineers spooked are two security vulnerabilities which one of the security bugs (zero-day exploit) in the public environment

On October 31, Google has verified that Chrome browsers have been a patch to all stable versions of 78.0.3904.87 across all the Operation Systems such as Windows, Mac OS, and all Linux platforms.

Google has said on their blog that

Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on but haven’t yet fixed

Two vulnerabilities that been mentioned above are CVE-2019-13720 and CVE-2019-13721.

CVE-2019-13720

CVE-2019-13720 is the vulnerabilities that been said that exist in the wild and was reported by Anton Ivanov and Alexey Kulaev, Kapersky researchers on 29 October this year.

Vulnerabilities can impact the Chrome web browser audio component and the attacker can exploit this vulnerability to take control of any affected system

CVE-2019-13721

CVE-2019-13721 can be classed as “use-after-free” vulnerabilities where the attacker can take advantage of escalating privileges on the affected system by exploiting memory corruption bugs.

This type of vulnerabilities normally involved with PDF generate and view where it will impact the PDFium library

Remediation

For those who are still the older version of the Chrome browser, they are advised to upgrade or update their Chrome browser to avoid any risk possible.

Source: New Google Chrome Security Alert: Update Your Browsers As ‘High Severity’ Zero-Day Exploit Confirmed

Author: Wan Ariff

He brings with him more than 2 years of working experience in Information Security filed which specializing in Penetration Testing and Digital Forensic. His passion is more to IT Security

Leave a Reply

Your email address will not be published. Required fields are marked *