Google has released an update for its Chrome browser to fix two serious zero-day vulnerabilities. One of the vulnerabilities is currently being exploited in the wild. It is strongly recommended that Chrome users immediately update their browser.
The two zero-day vulnerabilities are classed as “use-after-free” vulnerabilities, a type of memory corruption issue that could allow for unintended consequences like system crashing or code execution.
The National Cyber Security webpage lists the vulnerabilities as CVE-2019-13720 and CVE-2019-13721.
Kaspersky researchers, who were the first to discover the vulnerabilities, say one of the flaws was actively being exploited to install malware on user machines.
One vulnerability involves a bug in the Chrome audio component, while flaw number two is an issue with a PDF viewer. The audio component bug is currently the only one of the two that is being exploited.
The exploits are being deployed onto user devices via a Korean-language news portal. Kaspersky says the code shares some similarities with previous malware out of North Korea.
macOS, Windows, and Linux users are advised to update their Chrome browser immediately. If your browser isn’t set to update automatically, and if your browser version isn’t 78.0.3904.87, you should update.
To check your browser version, and to update the browser, click the “Chrome” menu option in the Chrome menu. Then click “About Google Chrome.” You’ll be able to view your browser version, and update if needed from the page that displays.
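
For anyone checking more than one machine, the version comparison above can be scripted. This is an added example, not part of the original article: it treats any build older than 78.0.3904.87 as needing the update (an assumption), and the host names and reported version strings are constructed sample data.

```python
import re

# Fixed build named in the article above.
FIXED_VERSION = "78.0.3904.87"

# Chrome versions have four dot-separated numeric parts.
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_chrome_version(text):
    """Extract the four-part version from text such as the version line on the
    "About Google Chrome" page. Returns a tuple of ints, or None."""
    match = _VERSION_RE.search(text)
    if match is None:
        return None
    return tuple(int(part) for part in match.groups())


def needs_update(reported, fixed=FIXED_VERSION):
    """True when the reported build is older than the fixed build.
    Unparseable input is flagged too, so unknown hosts are not silently skipped."""
    current = parse_chrome_version(reported)
    if current is None:
        return True
    # Tuples of ints compare numerically, part by part.
    return current < parse_chrome_version(fixed)


def audit(inventory):
    """Return the sorted host names whose reported Chrome build needs attention."""
    return sorted(host for host, reported in inventory.items() if needs_update(reported))


# Constructed sample inventory (host names and version strings are made up).
SAMPLE_INVENTORY = {
    "laptop-01": "Google Chrome 78.0.3904.70",
    "laptop-02": "Google Chrome 78.0.3904.87",
    # Newer than the fix; a plain string comparison would sort it as older.
    "desktop-03": "Google Chrome 78.0.3904.108",
    "desktop-04": "Google Chrome 77.0.3865.120",
    "kiosk-05": "version unknown",
}

if __name__ == "__main__":
    for host in audit(SAMPLE_INVENTORY):
        print(f"{host}: update required ({SAMPLE_INVENTORY[host]})")
```

Comparing the parts as integers matters here: as plain strings, "78.0.3904.108" sorts before "78.0.3904.87" and a patched machine would be flagged as vulnerable.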