MOUNTAIN VIEW, CA. (THECOUNT) — If you are dependant on Google Chrome browser, be advised that an update is available that addresses a couple of “High” security threats.
One of those—labeled CVE-2019-13720—is a zero-day vulnerability that is known to be actively exploited in the wild, though it is not clear to what extent nefarious individuals are leveraging it.
|
Advertisement |
“Google is aware of reports that an exploit for CVE-2019-13720 exists in the wild,” Google’s security team stated in a blog post, reports HotHardware.
That one was discovered by Anton Ivanov and Alexey Kulaev, a pair of security researchers at Kaspersky Labs, and it will net them a bug bounty in an amount that is yet to be determined. The bug resides in Chrome’s audio component and is of the use-after-free (UAF) variety, which deals with trying to access memory after it has been freed.
The latest Chrome update also patches CVE-2019-13721, another High severity UAF bug, only this one deals with the browser’s PDFium library. There is no mention of this one being exploited in the wild. However, the same potential risks apply to this bug as they do to the audio component bug. The person who found this one will receive a $7,500 bug bounty.
As of this writing, the latest version of Chrome in Windows is 78.0.3904.87. You can check which version you have installed (and manually update Chrome) by clicking on the three vertical dots in the upper-right corner, then navigate to Help > About Google Chrome. If there is an update available, Chrome will automatically begin downloading it, and you will be prompted to restart the browser to complete the installation.
DEVELOPING::
Geo quick facts: Mountain View is a city located in Santa Clara County, California, United States, named for its views of the Santa Cruz Mountains. From its origins as a stagecoach stop, it has developed into a large suburb of San Francisco. It has a pedestrian-friendly downtown and a population of 74,066 – Wikipedia.