A few days ago, Google Chrome engineers have been scared to death when issues have been raised for all the Google Chrome browsers across all the platforms.
The issues that have made Google Chrome engineers spooked are two security vulnerabilities which one of the security bugs (zero-day exploit) in the public environment
On October 31, Google has verified that Chrome browsers have been a patch to all stable versions of 78.0.3904.87 across all the Operation Systems such as Windows, Mac OS, and all Linux platforms.
Google has said on their blog that
Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on but haven’t yet fixed
Two vulnerabilities that been mentioned above are CVE-2019-13720 and CVE-2019-13721.
CVE-2019-13720 is the vulnerabilities that been said that exist in the wild and was reported by Anton Ivanov and Alexey Kulaev, Kapersky researchers on 29 October this year.
Vulnerabilities can impact the Chrome web browser audio component and the attacker can exploit this vulnerability to take control of any affected system
CVE-2019-13721 can be classed as “use-after-free” vulnerabilities where the attacker can take advantage of escalating privileges on the affected system by exploiting memory corruption bugs.
This type of vulnerabilities normally involved with PDF generate and view where it will impact the PDFium library
For those who are still the older version of the Chrome browser, they are advised to upgrade or update their Chrome browser to avoid any risk possible.