Home > Cyber News > CVE-2019-13720: Severe Chrome Bug Exploited in the Wild
CYBER NEWS

CVE-2019-13720: Severe Chrome Bug Exploited in the Wild

by   |  Last Update:  |  0 Comments  


CVE-2019-13720 is a new vulnerability in Chrome. Google is warning users that this use-after-free vulnerability in the browser’s audio component is currently being exploited in the wild.




CVE-2019-13720: some details

CVE-2019-13720 was discovered by Kaspersky security researchers Anton Ivanov and Alexey Kulaev
The vulnerability is highly severe, and is putting users at risk of attacks. Users are urged to update to latest version of Chrome, 78.0.3904.87, which will be rolling out in the upcoming days.

A successful exploit of the vulnerability could allow the attacker take control of the vulnerable system.

As already mention, the flaw is described as an use-after-free issue. Use-after-free vulnerabilities are in fact related to memory corruption. In these attacks, hackers are making attempts to access memory after it has been freed. This could lead to various malicious scenarios, such as crashing a program or even performing arbitrary code execution attacks.

Google is aware of the issue and that an exploit of the bug exists in the wild. “The stable channel has been updated to 78.0.3904.87 for Windows, Mac, and Linux, which will roll out over the coming days/weeks,” Google said.

Related: [wplinkpreview url=”https://sensorstechforum.com/cve-2019-5786-google-chrome/”]CVE-2019-5786: Vulnerability in Google Chrome, Patch Immediately

CVE-2019-13721 – another user-after-free bug fixed by Google

This is not the only vulnerability Google disclosed in the past few days. Another high-severity bug is CVE-2019-13721, which resides in PDFium. PDFium was developed by Foxit and Google, and is a PDF generation and rendering library.

CVE-2019-13721 is also of the use-after-free type but fortunately, there is no evidence of the bug being exploited in the wild. The bug was reported by a researcher known as “banananapenguin” who received a $7500 bounty via Google’s vulnerability disclosure program.

Google also noted that “access to bug details and links may be kept restricted until a majority of users are updated with a fix”.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Related posts:
  1. Adobe Patches 112 Vulnerabilities in Latest Patch Package (CVE-2018-5007) Adobe has released the latest patch package that addresses a...
  2. CVE-2020-15999: FreeType Zero-Day Bug in Chrome Exploited in the Wild Are you running the latest version of Google Chrome (currently...
  3. Microsoft Bugs CVE-2019-0803, CVE-2019-0859 Exploited in the Wild April 2019 Patch Tuesday is here, consisting of fixes for...
  4. Microsoft CVE-2021-28310 Bug Actively Exploited in the Wild This month’s Patch Tuesday fixes 110 security vulnerabilities, 19 of...
  5. CVE-2018-7602 Highly Critical Drupal Bug Actively Exploited in the Wild Drupalgeddon continues with one more remote code execution bug has...
  6. CVE-2021-33742: Microsoft Just Fixed 6 Security Bugs Exploited in the Wild Microsoft just fixed 50 vulnerabilities in June 2021 Patch Tuesday,...
  7. CVE-2021-30632 and CVE-2021-30633: Chrome Zero-Days Exploited in the Wild Is your Chrome browser up-to-date? Google just released fixes for...
  8. CVE-2022-0609: Zero-Day Bug in Chrome Exploited in the Wild CVE-2022-0609 is a new zero-day vulnerability in Google Chrome which...

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree