EXECUTIVE SUMMARY:

The spookiest of scares on Halloween night came from Google engineers, who publicized that not just one, but two exploits to the Chrome browser have been identified. One of the two, CVE-2019-13720, exists in the wild.

“Without revealing technical details of the vulnerability, the Chrome security team only says that both issues are use-after-free vulnerabilities, one affecting Chrome’s audio component (CVE-2019-13720) while the other resides in the PDFium (CVE-2019-13721) library,” reports The Hacker News.

The identified vulnerabilities retain the potential to corrupt a program’s memory, causing it to crash, use unexpected values or to needlessly execute code.

A software update to patch these vulnerabilities has been released by Google, and Chrome users are advised to urgently install it. The software update “addresses vulnerabilities that an attacker could exploit to take control of an affected system,” reports the US Cybersecurity and Infrastructure Security Agency (CISA) Further details are presently unavailable.

To read the original Google blog post on the subject, click here.