Chrome-Zero-day vulnerability

The zero-day vulnerability, which was being exploited in the wild, was discovered by Anton Ivanov and Alexey Kulaev, two security researchers from Kaspersky.

With the recent release of Chrome 78.0.3904.87, Google is warning millions of users to install an urgent software update immediately to patch two high-severity vulnerabilities, one of which attackers are actively exploiting in the wild to hijack computers.

The two high-severity vulnerabilities are tracked as CVE-2019-13720 and CVE-2019-13721 and are classed as "use-after-free" vulnerabilities, which allow for a PC to be hijacked.

Google engineers have released an update for the Chrome browser that patches an actively exploited zero-day vulnerability. Use-after-free vulnerabilities are memory corruption bugs that occur when an application tries to reference memory that had previously been assigned to it but has since been freed or deleted.
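
The lifetime bug described above, modelled safely as an added example (not code from Chrome or from the original article): a constructed slot pool in which a stale reference is followed after its slot has been freed and reused, next to a generation-checked lookup that rejects it. All names (`pool_alloc`, `pool_free`, `lookup_unchecked`, `lookup_checked`, `handle_t`) are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy pool: a released slot is handed out again, like a reused heap chunk. */
#define SLOTS 4
typedef struct { uint32_t gen; int live; char owner[16]; } slot_t;
typedef struct { uint32_t idx; uint32_t gen; } handle_t;
static slot_t pool[SLOTS];

/* Allocate the first free slot; the handle records the slot's current generation. */
handle_t pool_alloc(const char *owner) {
    for (uint32_t i = 0; i < SLOTS; i++) {
        if (pool[i].live) continue;
        pool[i].live = 1;
        snprintf(pool[i].owner, sizeof pool[i].owner, "%s", owner);
        return (handle_t){ i, pool[i].gen };
    }
    return (handle_t){ UINT32_MAX, 0 };  /* pool exhausted */
}

/* Release a slot; bumping the generation invalidates every outstanding handle. */
void pool_free(handle_t h) {
    if (h.idx < SLOTS && pool[h.idx].live && pool[h.idx].gen == h.gen) {
        pool[h.idx].live = 0;
        pool[h.idx].gen++;
    }
}

/* Unsafe lookup: trusts the index alone, the way a dangling raw pointer would. */
const char *lookup_unchecked(handle_t h) {
    return h.idx < SLOTS ? pool[h.idx].owner : NULL;
}

/* Checked lookup: a handle issued before the free no longer matches and fails closed. */
const char *lookup_checked(handle_t h) {
    if (h.idx >= SLOTS || !pool[h.idx].live || pool[h.idx].gen != h.gen)
        return NULL;
    return pool[h.idx].owner;
}

int main(void) {
    handle_t a = pool_alloc("object-A");
    pool_free(a);                          /* 'a' is now a stale reference */
    handle_t b = pool_alloc("object-B");   /* the freed slot is reused */
    printf("unchecked stale read: %s\n", lookup_unchecked(a));
    printf("checked stale read:   %s\n", lookup_checked(a) ? "valid" : "rejected");
    return b.idx == a.idx ? 0 : 1;
}
```

The unchecked path silently returns the new occupant's data through the old reference, which is the confusion a use-after-free creates; the checked path turns the same mistake into a detectable failure.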

Generally, these types of vulnerabilities cause a program to crash, but they can also lead to other unintended consequences, as was the case with another Chrome zero-day Google patched back in March. That vulnerability, CVE-2019-5786, was used alongside a Windows 7 zero-day which was also patched back in April. According to Kaspersky, both exploits were used together by an unnamed nation-state hacking group.

In a blog post announcing the stable channel update of Chrome's 78.0.3904.87 release, the engineers revealed that they knew the zero-day was being exploited in the wild and thanked the security researchers who brought this matter to their attention, saying:
“Google is aware of reports that an exploit for CVE-2019-13720 exists in the wild. We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.”

It is still not clear whether this latest Chrome zero-day was used to launch attacks against Chrome users or whether it is part of a more complex exploit chain that exploits several vulnerabilities, as was the case back in March.
