New Chrome 0-day bug, patched. Update your browser!

Your Chrome browser needs urgent update! The latest version was released on Halloween night. Google is warning its billions of users to immediately install the update, in order to patch two high severity vulnerabilities. One of these was actively exploited to hijack computers.

The Chrome security team mentioned that both issues are use-after-free vulnerabilities (a class of memory corruption bug that can be leveraged by hackers to execute arbitrary code), one affecting Chrome’s audio component while the other resides in the PDFium (CVE-2019-13721) library.

Both flaws could enable remote attackers to gain privileges on the Chrome browser, just by convincing users to visit malicious websites. This would allow them to escape sandbox protections and run malicious code on the systems.

The audio component issue was discovered and reported by Anton Ivanov and Alexey Kylaev, two Kaspersky researchers.

Although Google admitted that “is aware of reports that an exploit for CVE-201913720 exists in the wild”, they mentioned that “Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”

The use-after-free issue has been one of the most common flaws discovered in the Chrome browser lately. A month ago, Google had to release an urgent security update for Chrome, to patch a total of four use-after-free vulnerabilities. The most severe one could allow remote hackers to take control of an affected system.

The newest vulnerabilities have been patched via the 78.0.3904.87 update, available for Windows, Mac, and Linux operating systems.