Google has issued an update to its Chrome browser to patch two serious zero-day vulnerabilities — one of which is currently being exploited in the wild. Because of the seriousness of the vulnerabilities, it’s highly recommended that you update as soon as possible. Here’s what you should know.
The two high-severity zero-days are classed as “use-after-free” vulnerabilities. That’s a memory corruption issue that could allow for unintended consequences like system crashes or code execution.
According to the National Cyber Security webpage, the vulnerabilities are CVE-2019-13720 and CVE-2019-13721.
Researchers from Kaspersky, who first discovered the vulnerabilities, said that one of them was actively being exploited to install malware on user machines.
One of the vulnerabilities is described as a bug with Chrome’s audio component, while the second is an issue with a PDF viewer. Reportedly, the audio component bug is the only one being exploited.
Kaspersky added that the exploits were being deployed onto user devices by way of a Korean-language news portal.
While there wasn’t any evidence linking the zero-day exploits to past hacking groups, the cybersecurity firm noted that they share some code similarities with past malware out of North Korea.
This is the second zero-day vulnerability discovered in Google Chrome this year. The past zero-day, which Google patched back in March, was also a use-after-free vulnerability.
Google, for its part, issued a new update on Halloween night to address both vulnerabilities.
How to Update Chrome
Because of the severity of the vulnerabilities and the fact that they are currently used to deploy malware on user machines, it’s highly recommended that you update Google Chrome as soon as possible.
The specific update, version 78.0.3904.87, should now be available for users on Mac, Windows and Linux.
It should pop up automatically for most users. If it doesn’t, or to check what version you’re running, navigate to the About Google Chrome option in your browser’s menu. You should be able to update from there.
It’s also recommended that you enable automatic software updates for Google Chrome or any other browser that you use. That way, you’ll be better protected the next time a zero-day vulnerability is discovered.