Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member Latest Breaking News Editorials & Other Articles General Discussion The DU Lounge All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search

Eugene

(62,736 posts)
Fri Nov 1, 2019, 09:17 PM Nov 2019

New Google Chrome Security Alert: Update Your Browsers As 'High Severity' Zero-Day Exploit Confirmed

Source: Forbes

EDITOR'S PICK Nov 1, 2019, 08:11am

New Google Chrome Security Alert: Update Your Browsers As ‘High Severity’ Zero-Day Exploit Confirmed

Davey Winder Senior Contributor
Cybersecurity
I report and analyse breaking cybersecurity and privacy stories

It takes a lot to scare anyone on Halloween night, but Google Chrome engineers were spooked enough to issue an urgent update announcement for the browser across all platforms. So, what gave Google the heebie-jeebies? The answer is not one but two security vulnerabilities, one of which has a zero-day exploit out in the wild already.

Here's what is known so far

The October 31 disclosure from Google confirmed that the "stable channel" desktop Chrome browser is being updated to version 78.0.3904.87 across the Windows, Mac, and Linux platforms. This urgent update will start rolling out "over the coming days/weeks," according to Google. Unlike recent Windows 10 security alerts advising not to install an update, Chrome users should ensure they do install this one.

At this moment in time, it is proving hard to find out much specific detail about either of the vulnerabilities concerned, other than the fact that one of the two being fixed by the update is already being exploited in the wild.

Google said that this is because: "Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on but haven’t yet fixed."

What is the Google Chrome zero-day exploit?

What is known is that the one that Google has said the exploit exists in the wild is for the CVE-2019-13720 vulnerability. This was reported by two Kaspersky researchers, Anton Ivanov and Alexey Kulaev, on October 29. According to a U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) statement, the Google update "addresses vulnerabilities that an attacker could exploit to take control of an affected system," but that's as far as the detail goes.

-snip-


Read more: https://www.forbes.com/sites/daveywinder/2019/11/01/new-google-chrome-security-alert-update-your-browsers-as-high-severity-zero-day-exploit-confirmed/#73f3f8a470b3
2 replies = new reply since forum marked as read
Highlight: NoneDon't highlight anything 5 newestHighlight 5 most recent replies
New Google Chrome Security Alert: Update Your Browsers As 'High Severity' Zero-Day Exploit Confirmed (Original Post) Eugene Nov 2019 OP
Done. TY BootinUp Nov 2019 #1
Updated thanks for the heads up Eugene. I_UndergroundPanther Nov 2019 #2
Latest Discussions»Help & Search»Computer Help and Support»New Google Chrome Securit...