
Chrome Zero Day Vulnerability - Why You Should Update Google Chrome Immediately

On October 31, 2019, Google disclosed two serious vulnerabilities in the Google Chrome browser. If you are using Chrome on your Windows, Mac, or Linux computers, you should run the browser update immediately. The new version of Chrome, 78.0.3904.87, patches the vulnerabilities.

  • Both issues are Zero Day vulnerabilities of a kind called “use-after-free,” a type of memory flaw that can be leveraged to execute malicious code.
  • An exploit for CVE-2019-13720 exists in the wild and is being used by hackers.
  • Hackers could take control of computers by exploiting this vulnerability.
  • Upgrading to Chrome 78.0.3904.87 patches the vulnerability.

What are CVE-2019-13720 and CVE-2019-13721, the Chrome zero-day vulnerabilities?

These Google Chrome Zero Day vulnerabilities are what’s called “use-after-free vulnerabilities,” a type of memory flaw that hackers can leverage to execute malicious code. One affects Chrome's audio component (CVE-2019-13720), while the other affects the PDF library (CVE-2019-13721). These vulnerabilities can enable an attacker to escalate privileges on an affected system.

How hackers are already taking advantage of the Chrome vulnerability

Google is aware that the exploit for CVE-2019-13720 exists in the wild. Hackers can take control of a user’s computer by exploiting this vulnerability. According to Google’s blog post, "Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on but haven’t yet fixed."

This is similar to vulnerability CVE-2019-5786, discovered in March 2019, which could allow hackers to perform what’s called a “Remote Code Execution,” where the attackers can install malware without the user's knowledge.

Is this Google Chrome zero-day vulnerability serious?

Google rates the severity of these issues as high and urges users to upgrade to the most recent version of Chrome. This vulnerability is being used by hackers and can allow them to take control of an affected computer. Users can upgrade to the latest version of Chrome by opening Chrome, clicking on the three buttons to the right of the URL bar, and clicking Update Google Chrome in the drop-down menu. If you do not see this option, you are running the latest version of Chrome.
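For administrators who need to confirm the update across many machines, the following added example (not part of the original article or any Norton or Google tool) compares reported Chrome versions against the fixed release 78.0.3904.87. The host names, the tab-separated inventory format and the sample versions are constructed assumptions; the version strings are in the form printed by `google-chrome --version`.

```python
import re

# Fixed release named in the article.
PATCHED = (78, 0, 3904, 87)

# Matches a four-part Chrome version anywhere in a string,
# e.g. "Google Chrome 78.0.3904.87".
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_patched(text, minimum=PATCHED):
    """True if at or above the fixed release, False if older, None if unparseable."""
    v = parse_version(text)
    if v is None:
        return None
    # Compare as integer tuples. Comparing the raw strings would wrongly rank
    # "78.0.3904.108" below "78.0.3904.87" because "1" sorts before "8".
    return v >= minimum


def audit(inventory):
    """Classify lines of 'host<TAB>version string' (assumed inventory format)."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for line in inventory.strip().splitlines():
        host, _, raw = line.partition("\t")
        state = is_patched(raw)
        key = "unknown" if state is None else ("patched" if state else "vulnerable")
        report[key].append(host.strip())
    return report


# Constructed sample inventory; hosts and versions are illustrative only.
SAMPLE = (
    "ws-01\tGoogle Chrome 78.0.3904.87\n"
    "ws-02\tGoogle Chrome 78.0.3904.70\n"
    "ws-03\tGoogle Chrome 78.0.3904.108\n"
    "ws-04\tGoogle Chrome 77.0.3865.120\n"
    "ws-05\tnot installed\n"
)

if __name__ == "__main__":
    for state, hosts in audit(SAMPLE).items():
        print(f"{state}: {', '.join(hosts) or '-'}")
```

Hosts reported as unknown need a manual check, since a missing version string does not show that Chrome is absent or patched.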

Why it’s important to update Google Chrome immediately

As mentioned, the exploit for CVE-2019-13720 exists in the wild and is being used by hackers. This means they can potentially take over an infected computer and possibly install more malware on the machine. This is a good example of why it is critical to install software updates as soon as they are released.


Copyright © 2019 NortonLifeLock Inc. All rights reserved.