Google Chrome security experts issued an urgent notice for the Chrome browser across the platforms including Windows, MAC, and Linux. Google confirmed two zero-day security exploit in its chrome browser, One of which exploited in the wild CVE-2019-13720 and the 2nd (CVE-2019-13721) affects PDFium utility which chrome uses for PDF documents.
Security vulnerabilities were discovered by Kaspersky’s cybersecurity researchers Anton Ivanov and Alexey Kulaev. According to Kaspersky, Goozero-day exploit was embedded in the ‘Korean language news site’ that generally used to distribute malware via malicious JavaScript scripts codes. Kaspersky’s researcher named this as ‘WizardOpium’ which means bad news in the Korean language.
However, after the report, Google immediately released a new update of Chrome across the platforms including Windows, MAC, and Linux and confirmed, it has fixed both the vulnerabilities it has fixed both the vulnerabilities in the latest version of the Chrome browser. Users need to ensure they are using the updated version (78.0.3904.87) of the Chrome browser.
What is Google Chrome zero-day exploit
The attackers used zero-day exploit for Google Chrome users and at this point it yet it is unknown to the developers. Kaspersky’s researchers found that the bug is a use after free flaw, which is a system memory corruption flaw and it gain to access the system’s memory after it has been freed. This can harm your system in many ways including program crashes, injecting malicious codes and can allow cybercriminals to get full access into your system.
What Google Chrome Users need to do (Update. Update. Update)
Google and Kaspersky, both advised Chrome users to update your browser with its latest version (which is 78.0.3904.87) of the browser as soon as possible. If you had allowed an automatic update feature, then you just to need to restart your browser. To double-check or manually update, Click on 3 dots on the right top corner of the Chrome browser then click setting and then click on about Chrome (Setting-About Chrome) it will show you the version you are using also if you are using old version automatically it will start updating to the latest version. Once updated then restart your browser. Here below screenshot will help you to update the latest version, you need to make sure you are using 78.0.3904.87 version of Goggle chrome.
For Kaspserky’s researchers actively and timely information on Google Chrome zero-day exploit, Google has rewarded USD 7,500 for the disclosure of CVE-2019-13721 and CVE-2019-13720 reward hasn’t been determined yet.
