Security advisories

CVE-2019-13720 Chrome Zero-Day

November 25, 2019 | 1 MIN READ

Speak With A Security Expert Now

TALK TO AN EXPERT

The threat:

On October 31, 2019, Google released security updates for the Chrome browser to mitigate an actively exploited zero-day vulnerability [1]. CVE-2019-13720 is a use-after-free vulnerability in the Chrome audio component. If exploited, use-after-free vulnerabilities may allow for various multiple malicious actions. Due to the reports of active exploitation of CVE-2019-13720, users are recommended to upgrade to the most recent version of Chrome as soon as possible.

What we’re doing about it:

What you should do about it:

Additional information:

Details on CVE-2019-13720 remain minimal as Google is holding onto information until users have time to update. Kaspersky identified the zero-day vulnerability and has released some additional details regarding attacks in the wild [3].

A second vulnerability, CVE-2019-13721, was also fixed in the most recent release of Chrome. CVE-2019-13721 is also a use-after-free vulnerability but there are currently no reports of exploitation in the wild.

Indicators of compromise [3]:

References:

[1] https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_31.html

[2] https://support.google.com/chrome/a/answer/6350036?hl=en

[3] https://securelist.com/chrome-0-day-exploit-cve-2019-13720-used-in-operation-wizardopium/94866/

View Most Recent Advisories