Google released Chrome version 78.0.3904.87 for Windows, Mac, and Linux, which addresses vulnerabilities an attacker could exploit to take control of an affected system.

In addition, attackers were already exploiting one of the vulnerabilities. The rollout of the new version is in progress.

This update includes two security fixes. One is a use-after-free vulnerability in PDFium (CVE-2019-13721), rated high. The other, also rated high, is a use-after-free in audio (CVE-2019-13720), for which there are exploits currently in play.

This vulnerability, reported by Kaspersky, is a zero day reported to be delivering malware in a campaign similar to previous North Korea attacks.

The issue was reported to Google on October 29, and Google quickly fixed it.

If an attack finds a victim, it delivers an encrypted payload that looks like a .jpg file. The payload is then decrypted, and an executable file is dropped and run.
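One way a defender could triage for the delivery stage described above, as an added example that is not from Kaspersky or the original article: flag files named .jpg whose content lacks the JPEG signature and has near-random byte distribution. It assumes the payload imitates a JPEG by name only (the article does not say how closely it resembles one); the 7.5 bits-per-byte threshold, the function names and the sample files are constructed for illustration.

```python
import math
import os
from collections import Counter

JPEG_SOI = b"\xff\xd8\xff"  # every JPEG file starts with these bytes

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def classify_jpg(name: str, data: bytes, threshold: float = 7.5) -> str:
    """Return 'not-jpg', 'ok', 'mismatch' or 'suspicious' for a file name and its content."""
    if not name.lower().endswith((".jpg", ".jpeg")):
        return "not-jpg"
    if data.startswith(JPEG_SOI):
        return "ok"
    # Named like an image but no JPEG header: at minimum a type mismatch.
    # A near-uniform byte distribution also suggests encrypted or compressed content.
    return "suspicious" if shannon_entropy(data) >= threshold else "mismatch"

def scan_directory(root: str, sample_size: int = 65536):
    """Yield (path, verdict) for every .jpg/.jpeg under root that is not a real JPEG."""
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            try:
                with open(path, "rb") as fh:
                    verdict = classify_jpg(fname, fh.read(sample_size))
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if verdict in ("mismatch", "suspicious"):
                yield path, verdict

# Constructed samples (not taken from the campaign): a minimal JPEG-like header,
# a text file renamed to .jpg, and uniformly distributed bytes standing in for ciphertext.
SAMPLES = {
    "photo.jpg": JPEG_SOI + b"\xe0\x00\x10JFIF\x00" + bytes(64),
    "notes.jpg": b"plain text saved with the wrong extension\n" * 20,
    "banner.jpg": bytes((i * 197 + 31) % 256 for i in range(4096)),
}

if __name__ == "__main__":
    for sample_name, blob in SAMPLES.items():
        print(sample_name, classify_jpg(sample_name, blob))
```

A hit is a triage lead, not a verdict: a truncated or mislabeled archive trips the same check, so pair it with where the file was written and which process created it.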

Kaspersky said the exploit takes advantage of the Windows Task Scheduler for persistence and its main module is designed to download other modules from a command and control (C&C) server.
