Google Patches Chrome Zero-Day Vulnerabilities Under Active Attack

Google has started rolling out a software update that includes security fixes for a couple of critical zero-solar day vulnerabilities in its Chrome web browser on Windows, Mac and Linux. The incoming software will curlicue out "over the coming days/weeks", and will update the stable channel to build 78.0.3904.87. Co-ordinate to an official blog post, the update fully mitigates the two bugs, at least one of which is said to already have an agile exploit that criminals are using to hijack computers.

Technical details are hard to come by at this point in fourth dimension, and Google says it would like to keep things that mode until a bulk of users have updated to the fixed version(s). Still, the visitor did reveal that i of the vulnerabilities (CVE-2019-13720) is affecting Chrome'due south sound component, while the other (CVE-2019-13721) is part of the PDFium library.

While the former was reported by Kaspersky researchers, Anton Ivanov and Alexey Kulaev, last Tuesday, the latter was reported earlier this month past an anonymous user who goes by their online pseudonym, 'banananapenguin'. According to Google, it is the sometime, the i reported by folks at Kaspersky, that is being actively exploited by hackers in the wild.

According to The Hacker News, both the bugs are use-afterward-gratuitous vulnerabilities, a blazon of memory corruption that tin can enable hackers to potentially alter data in the arrangement memory from a remote location. Thereafter, they can escape sandbox protections to surreptitiously escalate privileges and run capricious malicious lawmaking on affected systems. Basically, both are disquisitional flaws that could pose astringent security threats, which is why Google is advising all users to update to the latest version of Chrome as soon equally possible.