Chrome users on Windows, macOS and Linux should update their browser immediately to version 78.0.3904.87. Anything older than that is plagued by two vulnerabilities that are being exploited in the wild right now. The first one is “CVE-2019-13720” and concerns the browser’s audio component, while the second one is “CVE-2019-13721” and it lies on the PDFium, according to Google’s blog post.The flaw that exists in the audio component is being actively exploited and can lead to computer hijacking.
As per one report, the nature of the vulnerabilities is that of the attacker accessing your PC’s memory. This can open the door to remote code execution, which can potentially lead to a gradual takeover of your PC. In other cases, Chrome or one of its tabs may be forced to crashing conditions. Google says that after the majority of the users upgrade to the latest version, they will consider the possibility of sharing more technical information regarding the flaws. Moreover, there’s also the case of those using Chrome-based browsers like Brave, Vivaldi, and Opera, who will get the bug-fixing update in the coming weeks.
The exploited bug was discovered and reported to Google by researchers at Kaspersky Labs. These new flaws remind me of a similar vulnerability that was uncovered in back in May this year. Back then, a vulnerability called CVE-2019-5786 was uncovered and was under exploitation at the time of its discovery. Google couldn’t tell for how long the attackers had been exploiting that bug, and the case is the same today. This practically means that Chrome users could have been affected by this attack for many months now, and no one even knew about it.
Google has since patched the security vulnerabilities in Chrome version 78.0.3904.87, which is available for Windows, Mac, and Linux operating systems.
Updating the browser
Chrome browser usually notifies users to update to the last version, but this time it’s better to manually update it by going following these steps:
- Go to ‘Menu’ (top right icon)
- Look for ‘Help’
- Click on ‘About Google Chrome’
- You will be redirected to a page, where the update should automatically begin once it has finished checking for the new updates. Then, users are instructed to relaunch the browser.