Are you reading this in a Chrome browser window?
If so, you need to update your web browsing software immediately to the latest version Google released today!
With the release of Chrome 78.0.3904.87, Google is warning billions of users to install an urgent software update immediately to patch two high-severity vulnerabilities, one of which attackers are actively exploiting!
Without going into the technical details, the Chrome security team states that both issues are use-after-free vulnerabilities, one affecting Chrome's audio component while the other resides in the PDFium library.
Use-after-free is a class of memory corruption issue that allows data in memory to be corrupted or modified.
In effect, an unprivileged user can gain privileges on an affected system or software.
So, both of these flaws can allow attackers to gain privileges on the Chrome web browser just by convincing targeted users to visit a malicious website, allowing them to escape sandbox protections and run arbitrary malicious code on the targeted systems.
Earlier today the team had this to say about the current 0-day bug:
"Google is aware of reports that an exploit for CVE-2019-13720 exists in the wild," the Google Chrome security team said in a blog post.
"Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed."
Unfortunately, this issue has been gaining traction among Chrome web browser users in the past few months.
This isn’t the first time Google has faced urgent update requirements.
About 1 month ago, an urgent security update for Chrome was released to patch a total of 4 use-after-free vulnerabilities in different components of the web browser, the most severe of which could allow remote hackers to take control of an affected system.
Technical Details of Chrome 0-day Exploit
A day after Google released an emergency patch update for Chrome browser to fix two high-severity vulnerabilities, cybersecurity firm Kaspersky Labs revealed more technical details about the one that it reported to Google and was spotted being exploited.
According to the researchers, attackers compromised a Korean-language news portal. They planted the exploit code on the site to compromise the computers of visitors who opened the news portal using vulnerable versions of Google Chrome.
The exploit reportedly installs the first-stage malware on the targeted systems after exploiting the Chrome vulnerability; the malware then connects to a hard-coded remote command-and-control server to download the final payload.
Update Chrome Immediately - Manually!
To patch both security vulnerabilities, Google has already started rolling out Chrome version 78.0.3904.87 for Windows, Mac, and Linux operating systems.
Manually trigger the update process by going to "Help → About Google Chrome" from the menu.
It’s also recommended to run all software on your systems, whenever possible, as a non-privileged user in an attempt to lessen the potential effects of successful attacks.
So, be sure to update your systems. Now!