Google revealed a security flaw on Halloween, so maybe update Chrome now
While you were out trick or treating on Halloween night, Google engineers released a warning about a new Chrome security flaw.
On Oct. 31, Google shared informationregarding two recently discovered vulnerabilities. The search giant has confirmed that a zero-day exploit exists for one of these security issues.
A zero-day exploit is basically when a nefarious party discovers a bug they can use for a cyber attack before the original developer can issue a fix.
Google released a security update to fix the problem that will roll out automatically to all users in the coming days and weeks. Users can manually update Google Chrome immediately by going to the “About Google Chrome” section in the menu bar.
“This version addresses vulnerabilities that an attacker could exploit to take control of an affected system,” said a statementreleased by the U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA).
Google hasn’t divulged many details about the flaws, which the company says is for security purposes.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” reads the security alert from Google. “We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”
However, here’s what we know so far. The two vulnerabilities, CVE-2019-13720 and CVE-2019-13721, are considered “use-after-free” flaws. This is when an application attempts to reference previously used memory after it’s been freed or deleted. When this occurs, bad actors can exploit the memory corruption to execute malicious code.
One of the two Chrome bugs affect the PDFium library, which generates PDFs. The other, which has a zero-day exploit in the wild, involves Chrome’s audio component.
The discoverywas made by Anton Ivanov and Alexey Kulaev, two researchers from the cybersecurity firm Kaspersky.
Google Chrome’s last major security vulnerability involving a zero-day exploit occurred just earlier this year. The company pushed out an update in March after a memory management error involving FileReader was discovered.
相关文章
22 Unusual Things You Can Find in the Desert
In the desert, it can seem like very little exists aside from dunes and a few creatures that are ada2024-09-22- South Korea on Tuesday offered to cut its carbon dioxide emissions by 37 percent from the expected b2024-09-22
How to watch Mark Zuckerberg's keynote at the Facebook F8 conference
Facebook will soon kick off one of its biggest events of the year: its annual F8 developer conferenc2024-09-22US not seeing indications of 'direct' N. Korean threat at this time: Washington official
North Korea's leader Kim Jong-un delivers a speech during the 19th enlarged meeting of the political2024-09-22Is Mercury retrograde messing with you? Think again.
Mercury is a little-known, still mysterious world.But one thing is certain. Mercury, the closest pla2024-09-22How to watch Mark Zuckerberg's keynote at the Facebook F8 conference
Facebook will soon kick off one of its biggest events of the year: its annual F8 developer conferenc2024-09-22
最新评论