ALERT: Google fixes four critical Chrome vulnerabilities


Google has released urgent updates for 4 vulnerabilities. One of the vulnerabilities is rated Critical and the other three are rated High in severity. As per the Chrome advisory, the vulnerabilities are:

  • CVE-2019-13685: A critical use-after-free issue in UI.
  • CVE-2019-13688: A use-after-free issue in media.
  • CVE-2019-13687: A use-after-free issue in media.
  • CVE-2019-13686: A use-after-free issue in offline pages.

It is interesting to note that all four vulnerabilities in Chrome are use-after-free issues. A use-after-free, identified as CWE-416 by MITRE, is an attempt to access a memory block after it has been freed, which can lead to a crash, use of unexpected values or execution of arbitrary code.

An attacker who exploits these vulnerabilities can disclose sensitive information, bypass security restrictions, crash the application or even execute arbitrary code in the context of the browser by redirecting a user to a specially crafted webpage.

Chrome has released security updates for these vulnerabilities. The Chrome security team has not yet disclosed the complete details of the vulnerabilities, to prevent exploitation. The details will be made available once a majority of users have updated to the latest version of Chrome.


Affected Products

Google Chrome versions before 77.0.3865.90
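
To check hosts against the affected range above, the following added example (not part of the original advisory or of any vendor tooling) compares a reported Chrome version with 77.0.3865.90. The host names and version banners are constructed sample data, and the function names are hypothetical.

```python
import re

# First fixed build, taken from the advisory's "Affected Products" section.
FIXED_VERSION = (77, 0, 3865, 90)

# Chrome versions are four dot-separated integers (MAJOR.MINOR.BUILD.PATCH).
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_chrome_version(text):
    """Extract the four-part version from a version string or banner line.

    Returns a tuple of ints, or None if no well-formed version is present.
    """
    match = _VERSION_RE.search(text)
    if match is None:
        return None
    return tuple(int(part) for part in match.groups())


def is_affected(text):
    """True if vulnerable, False if fixed, None if the version is unparseable."""
    version = parse_chrome_version(text)
    if version is None:
        return None
    # Tuple comparison is numeric per component, so 77.0.3865.9 < 77.0.3865.90
    # and 100.x > 77.x, which plain string comparison gets wrong.
    return version < FIXED_VERSION


def audit(inventory):
    """Map each host to 'affected', 'fixed' or 'unknown'."""
    labels = {True: "affected", False: "fixed", None: "unknown"}
    return {host: labels[is_affected(banner)] for host, banner in inventory.items()}


# Constructed sample inventory (hypothetical hosts and banners).
SAMPLE_INVENTORY = {
    "ws-01": "Google Chrome 76.0.3809.132",
    "ws-02": "Google Chrome 77.0.3865.90",
    "ws-03": "Google Chrome 77.0.3865.75 beta",
    "ws-04": "Google Chrome 100.0.4896.60",
    "ws-05": "chrome: command not found",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts reported as "unknown" need a manual look, since a missing or malformed version string says nothing about whether the browser is patched.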


Impact

Successful exploitation allows an unprivileged attacker to remotely execute code, leak sensitive data or cause a denial-of-service condition.


Solution

Please refer to this KB Article to apply the patches using SanerNow.
