Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Kaspersky researchers found a Chrome 0-day exploited in attacks in the wild

Google released security updates to address two high severity flaws in Chrome, one of which is actively exploited in attacks in the wild to hijack computers. Google released security updates to address two high severity vulnerabilities in the Chrome browser, one of which is a zero-day flaw actively exploited in attacks in the wild to […]

Google Chrome Gemini Live

Google released security updates to address two high severity flaws in Chrome, one of which is actively exploited in attacks in the wild to hijack computers.

Google released security updates to address two high severity vulnerabilities in the Chrome browser, one of which is a zero-day flaw actively exploited in attacks in the wild to hijack computers.

The vulnerabilities, tracked as CVE-2019-13720 and CVE-2019-13721, reside respectively in Chrome’s audio component and in the PDFium library.

“[$7500][1013868] High CVE-2019-13721: Use-after-free in PDFium. Reported by banananapenguin on 2019-10-12[$TBD][1019226] High CVE-2019-13720: Use-after-free in audio. Reported by Anton Ivanov and Alexey Kulaev at Kaspersky Labs on 2019-10-29″ reads the advisory published by Google. “Google is aware of reports that an exploit for CVE-2019-13720 exists in the wild.”

The vulnerabilities affect the Chrome browser on your Windows, Mac, and Linux computers. Google released the Chrome version 78.0.3904.87 to fix the issues, users are recommended to install the update immediately.

Google did not provide technical details of the flaws, both flaws could be exploited by a remote attacker to elevate privileges on the Chrome web browser and escape sandbox protections.

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.” continues the advisory.

The vulnerabilities could be exploited by tricking Chrome users into visiting specially-crafted malicious websites and potentially run arbitrary malicious code on the targeted systems.

The zero-day flaw in the audio component, CVE-2019-13720, was reported by Kaspersky researchers Anton Ivanov and Alexey Kulaev. According to the security duo, the flaw has been found exploited in the wild, though the experts did not attribute the attacks to a specific threat actor.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Chrome, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]