What You Need to Know About the Google Chrome Vulnerabilities

By on

While you might have been preoccupied with ghosts and goblins on Halloween night, a different kind of spook began haunting Google Chrome browsers. On October 31st, Google Chrome engineers issued an urgent announcement for the browser across platforms due to two zero-day security vulnerabilities, one of which is being actively exploited in the wild (CVE-2019-13720).

So, what is the Google Chrome zero-day exploit? While there are few specific details known at this time, researchers did uncover that the bug is a use-after-free flaw, which is a memory corruption flaw that attempts to access a device’s memory after it has been freed. If this occurs, it can cause a variety of issues including program crashes, execution of malicious code, or even allowing an attacker to gain full remote access to the device.

The second of the two vulnerabilities (CVE-2019-13721) affects PDFium, a platform developed by Foxit and Google. PDFium provides developers with capabilities to leverage an open-source software library for viewing and searching for PDF documents. Like the first bug, this flaw is also a use-after-free vulnerability. However, there have been no reports of it being exploited by cybercriminals for malicious purposes yet.

Luckily, Google has quickly acknowledged the vulnerabilities and is rolling out a patch for these bugs over the coming days. Meanwhile, follow these security tips to help safeguard your data and devices:

  • Update, update, update. Be sure to install the latest Chrome browser update immediately to help mitigate any risk of falling victim to these exploits.
  • Turn on automatic updates. Practice good security hygiene by turning on automatic updates. Cybercriminals rely on unpatched software to exploit vulnerabilities, so ensure that your device software is updated as soon as patches are available.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

 

Categories: Consumer Threat Notices
Tags: , , ,

Leave a Comment

Similar articles

For anyone who asks what happens during the tween through teen years, the best answer is probably, “What doesn’t happen?!” Just so you know, I’ve been there, done that, and got the T-shirt. And I survived. My kids were the first generation to grow up on social media. Like most teens in the mid-2000s, they ...
Read Blog
Cybercriminals seem to get more and more sophisticated with their attacks, and phishing scams are no different. The McAfee Labs team has observed a new phishing campaign using a fake voicemail message to trick victims into giving up their Office 365 email credentials. During the investigation, the team has found three different phishing kits being ...
Read Blog