
CVE-2019-13720: Severe Chrome Bug Exploited in the Wild


CVE-2019-13720 is a new vulnerability in Chrome. Google is warning users that this use-after-free vulnerability in the browser’s audio component is currently being exploited in the wild.




CVE-2019-13720: some details

CVE-2019-13720 was discovered by Kaspersky security researchers Anton Ivanov and Alexey Kulaev.
The vulnerability is highly severe and puts users at risk of attack. Users are urged to update to the latest version of Chrome, 78.0.3904.87, which will be rolling out in the upcoming days.

A successful exploit of the vulnerability could allow the attacker to take control of the vulnerable system.

As already mentioned, the flaw is described as a use-after-free issue. Use-after-free vulnerabilities are a form of memory corruption: the program accesses memory after it has been freed, and attackers try to take advantage of that access. This could lead to various malicious scenarios, such as crashing a program or even arbitrary code execution.

Google is aware of the issue and that an exploit of the bug exists in the wild. “The stable channel has been updated to 78.0.3904.87 for Windows, Mac, and Linux, which will roll out over the coming days/weeks,” Google said.
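For administrators who need to confirm which machines have received the fix, the following added example (not part of the original article or any Google tooling) compares collected Chrome version strings against the fixed build 78.0.3904.87. The tab-separated inventory format, the hostnames and the sample versions are assumptions constructed for illustration.

```python
import re

# Fixed stable build named in the article.
FIXED = (78, 0, 3904, 87)

# Matches the four-part version in `--version` style output,
# e.g. "Google Chrome 78.0.3904.70" (assumed output format).
_VERSION_RE = re.compile(r"\bGoogle Chrome (\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def classify(version_output):
    """Return 'patched', 'vulnerable' or 'unknown' for one version string."""
    m = _VERSION_RE.search(version_output)
    if not m:
        return "unknown"  # not Chrome, or unparseable output: review by hand
    version = tuple(int(part) for part in m.groups())
    # Tuple comparison is numeric per component, so 78.0.3904.100 counts as
    # newer than 78.0.3904.87 (a plain string comparison would get it wrong).
    return "patched" if version >= FIXED else "vulnerable"


def audit(inventory_lines):
    """Map each host in 'host<TAB>version output' lines to its status."""
    report = {}
    for line in inventory_lines:
        if not line.strip():
            continue
        host, _, output = line.partition("\t")
        report[host.strip()] = classify(output)
    return report


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    "ws-01\tGoogle Chrome 78.0.3904.70",
    "ws-02\tGoogle Chrome 78.0.3904.87",
    "ws-03\tGoogle Chrome 78.0.3904.100",
    "ws-04\tGoogle Chrome 77.0.3865.120",
    "ws-05\tcommand not found",
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" are not necessarily safe; they only indicate that no Google Chrome version string could be parsed from the collected output.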

Related: CVE-2019-5786: Vulnerability in Google Chrome, Patch Immediately (https://sensorstechforum.com/cve-2019-5786-google-chrome/)

CVE-2019-13721 – another use-after-free bug fixed by Google

This is not the only vulnerability Google disclosed in the past few days. Another high-severity bug is CVE-2019-13721, which resides in PDFium. PDFium was developed by Foxit and Google, and is a PDF generation and rendering library.

CVE-2019-13721 is also a use-after-free bug but, fortunately, there is no evidence of it being exploited in the wild. The bug was reported by a researcher known as “banananapenguin”, who received a $7500 bounty via Google’s vulnerability disclosure program.

Google also noted that “access to bug details and links may be kept restricted until a majority of users are updated with a fix”.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
