Chrome security update fixes zero-day exploited in the wild

Google has released a new security update for the Chrome browser, version 78.0.3904.87, for Windows, Mac and Linux. One of the vulnerabilities it fixes, CVE-2019-13720, is reported to be exploited in the wild.

The latest update, released on October 31, includes two high-severity security fixes:

  • High CVE-2019-13721: Use-after-free in PDFium.
  • High CVE-2019-13720: Use-after-free in audio.

“Google is aware of reports that an exploit for CVE-2019-13720 exists in the wild,” Google warned in the Chrome release.

According to the Center of Information Security (CIS) report, successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. As a result, an attacker could steal sensitive information, bypass security restrictions and perform unauthorized actions, or even cause denial-of-service conditions.

Google also released Chrome Beta 79 (79.0.3945.18) for Android on Thursday; it is available on Google Play.

This is the first security update since Google released Chrome 78 on October 22. Users and organizations should apply the necessary updates as soon as possible.