Google Patches Actively Exploited Chrome Zero-Day Flaw

Time to update your Google Chrome installations immediately to the latest version. Why the urgency? Google issued an emergency update to address two vulnerabilities for Chrome, one of which is a Zero-Day flaw being actively exploited in the wild.

One of the worst nightmares for IT professionals became real for Google Engineers on Halloween night. They issued an urgent update for the browsers across all platforms to address not one but two security vulnerabilities.

With the release of Chrome 78.0.3904.87, Google is warning millions of users to install an urgent software update immediately to patch two high severity vulnerabilities, one of which attackers are actively exploiting in the wild to hijack computers.

High-Severity 0-Day Exploit

The two high severity vulnerabilities are known as CVE-2019-13720 and CVE-2019-13721 and classed as "use-after-free" vulnerabilities, which allow for a PC to be hijacked.

The actively exploited vulnerability was discovered by Kaspersky and has received the identifier CVE-2019-13720 and represents a use-aster-free bug in the audio component of the browser.

Our exploit prevention component recently detected a new unknown exploit in Google's Chrome browser. After reviewing the PoC we provided, @Google confirmed CVE-2019-13720 was a 0day vulnerability in the attacks in Operation WizardOpium.



More details below https://t.co/E4QVnxDQKq — Kaspersky (@kaspersky) November 3, 2019

This is the second Chrome Zero-Day detected this year. Back in March, Google patched another Chrome Zero-Day (CVE-2019-5786).

Audit & Find All Vulnerable Chrome Installations

If you currently have Google Chrome deployed on your workstations, it's pretty critical that you update it at the earliest opportunity to ensure that you don't fall prey to this exploit.

Our color-coded Chrome Audit Report can tell you in no time which devices have a vulnerable Chrome version in place and need to be patched.

Run the Chrome Zero-Day Audit Report

Google Chrome 0-Day Audit Report- Click to Enlarge

If you haven't already, start your free Lansweeper trial and get a list of all vulnerable Chrome versions in no time.