Google has released urgent updates for 4 vulnerabilities. One of the vulnerability is rated Critical and the other three are rated High in severity. As per the Chrome advisory, the vulnerabilities are :
- CVE-2019-13685 : A critical Use-after-free issue in UI.
- CVE-2019-13688 : A Use-after-free issue in media.
- CVE-2019-13687 : A Use-after-free issue in media.
- CVE-2019-13686 : A Use-after-free issue in offline pages.
It is interesting to note that all the four vulnerabilities in Chrome are Use-after-free issues. A Use-after-free, identified as CWE-416 by Mitre, is an attempt to access a memory block after it has been freed which can lead to a direct memory crash, usage of unexpected values or execution of arbitrary code.
An attacker who tries to exploit these vulnerabilities can disclose sensitive information, bypass security restrictions, crash the application or even execute arbitrary code in the context of the browser by redirecting them to a specially crafted webpage.
Chrome has released security updates for these vulnerabilities. The Chrome security team has not yet disclosed the complete details of the vulnerabilities to prevent any cases of exploitation. The details would soon be available when a majority of the users have updated to the latest versions of Chrome.
Google Chrome versions before 77.0.3865.90
Successful exploitation allows an unprivileged attacker to remotely execute code, leak sensitive data or cause denial of service condition.