Published on: 01 November 2019
Google released a security update to address use-after-free vulnerabilities in the PDFium and audio components of the Google Chrome. A remote attacker could entice a user running a vulnerable browser to open a web page with specially crafted content to exploit the vulnerability.
Reports indicate that the vulnerability (CVE-2019-13720) is being exploited in the wild. Users are advised to take immediate action to patch the affected systems to mitigate the elevated risk of cyber attacks.
A successful exploitation could lead to arbitrary code execution on an affected system.
Users of affected systems should update the Google Chrome to version 78.0.3904.87 to address the issue. The update can be obtained through the auto-update mechanism or manually by visiting the "About Google Chrome" page (chrome://settings/help). Concerned users should relaunch the Google Chrome to make the update effective.
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_31.html
https://support.google.com/chrome/answer/95414?co=GENIE.Platform%3DDesktop&oco=1
https://www.hkcert.org/my_url/en/alert/19110101
https://www.us-cert.gov/ncas/current-activity/2019/10/31/google-releases-security-updates-chrome
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13720
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13721