Google Chrome Under Active Attacks – Update Your Browser Now!

Attention readers, if you are using Chrome on your Windows, Mac, and Linux computers, you need to update your web browsing software immediately to the latest version Google released earlier today.

With the release of Chrome 78.0.3904.87, Google is warning millions of users to install an urgent software update immediately to patch two high severity vulnerabilities, one of which attackers are actively exploiting in the wild to hijack computers.

Without revealing technical details of the vulnerability, the Chrome security team only says that both issues are use-after-free vulnerabilities, one affecting Chrome's audio component (CVE-2019-13720) while the other resides in the PDFium (CVE-2019-13721) library.

A vulnerability in use is a category of memory corruption that allows data to be corrupted or modified in memory, allowing an unlikely user to escalate privileges on an affected system or program.

Thus, both disadvantages can enable remote attackers to gain privileges on the Chrome web browser only by persuading the target users to visit a malicious website, allowing them to escape the protection of the protection box and run arbitrary malicious code on targeted systems.

Google Chrome zero-day under active attacks

Researchers in Kaspersky discovered Anton Ivanov and Alexey Kulayev, the problem of the sound component was found in the Chrome application was exploited in the wild, although it is still not clear at the time that the specific group of hackers.

"Google is aware of reports of CVE-2019-13720 being exploited in the wild," the Google Chrome security team said in a blog post.

“Access to details of errors and links may be restricted until the majority of users are updated with a fix.

One of the most common vulnerabilities detected and corrected in the Chrome web browser in the past few months is the usage issue after use.

Just over a month ago, Google released an urgent security update for Chrome to correct a total of four vulnerabilities for use after use in different web browser components, the most dangerous of which could allow remote hackers to control an affected system.

In March this year, Google also released an emergency security update for Chrome after miscreants were found actively exploiting a similar use-after-free Chrome zero-day vulnerability in the wild affecting the browser's FileReader component.

Patch Available: Update Google Chrome Immediately

To patch both security vulnerabilities, Google has already started rolling out Chrome version 78.0.3904.87 for Windows, Mac, and Linux operating systems.

Although the Chrome web browser automatically notifies users about the latest available version, users are recommended to manually trigger the update process by going to "Help → About Google Chrome" from the menu.

Besides this, Chrome users are also recommended to run all software on their systems, whenever possible, as a non-privileged user in an attempt to diminish the effects of successful attacks exploiting any zero-day vulnerability.

We will update you with more information about these security vulnerabilities as soon as Google releases its technical details.

Source