Google released a security update for Chrome with the fixes of critical and High severity vulnerabilities with Chrome 77.0.3865.90, a Stable channel update for Windows, Mac, and Linux.
Google fixed 4 vulnerabilities that affected Chrome browser, in which 1 vulnerability marked as “Critical” and other 3 vulnerabilities are fixed under “High” severity.
Successful exploitation of the most severe critical Use-after-free vulnerability in UI Reported by Khalil Zhani could allow an attacker to execute arbitrary code in the context of the browser.
The attacker will redirect the victims to access a specially crafted web page and exploit the vulnerability to take control of the system.
Vulnerability Details:
- Use-after-free in UI. (CVE-2019-13685) – Critical
- Use-after-free in error. (CVE-2019-13686) – High
- Use-after-free in media. (CVE-2019-13687) – High
- Use-after-free in media. (CVE-2019-13688) – High
Based on the privilege that associated with a module, attacker gain exploit the vulnerability and execute the malicious program into the victim’s machine.
Chrome Users are highly recommended to apply the stable channel update provided by Google to vulnerable systems immediately after appropriate testing in both enterprise and individuals.
Google rewarded $40000 for the 2 high severity Use-after-free in media vulnerabilities reported by Man Yue Mo of Semmle Security Research Team.
According to Chrome press release notes ” Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL. “
How to Update
Steps to update for Windows, Mac, and Linux desktop users
- Open Chrome browser
- Head to Settings
- Expand help
- About Google Chrome
- The browser will process the update
Android and iOS users can update the Chrome browser app from their respective App stores.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates