Chrome Zero-Day Bug CVE-2019-13720


Google has issued a warning urging users to install an urgent software update that patches two high-severity vulnerabilities. Google recommends that users update Chrome on Windows, Linux and Mac OS to version 78.0.3904.87.


Details of the vulnerabilities are given below:


CVE-2019-13721: Use-after-free in PDFium.

CVE-2019-13720: Use-after-free in audio.


Use-after-free is a class of memory corruption vulnerability that allows data in memory to be corrupted or modified, enabling an unprivileged user to escalate privileges on an affected system or software.


Thus, both flaws could enable remote attackers to gain privileges on the Chrome web browser just by convincing targeted users to visit a malicious website, allowing them to escape sandbox protections and run arbitrary malicious code on the targeted systems.


Per Google, CVE-2019-13720 has active exploits and is being used in the wild.
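To confirm which endpoints are still below the fixed build 78.0.3904.87, the following added example (not part of the original advisory or any vendor tooling) triages an inventory of reported Chrome version strings. The host names and sample version strings are constructed for illustration, and the function names are hypothetical.

```python
import re

# Fixed build named in the advisory above.
FIXED_BUILD = (78, 0, 3904, 87)

# Four dotted numeric parts, not embedded in a longer dotted number.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?!\.?\d)")


def parse_chrome_version(text):
    """Extract a four-part version from text such as `--version` output.

    Returns a tuple of ints, or None when no version is present.
    """
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def is_patched(text, fixed=FIXED_BUILD):
    """True if at or above the fixed build, False if older, None if unknown."""
    version = parse_chrome_version(text)
    if version is None:
        return None
    # Tuples compare numerically, part by part; comparing the raw strings
    # would wrongly rank 78.0.3904.108 below 78.0.3904.87.
    return version >= fixed


def triage(inventory):
    """Group hosts (host -> reported version string) by patch state."""
    result = {"patched": [], "vulnerable": [], "unknown": []}
    for host, reported in sorted(inventory.items()):
        state = is_patched(reported)
        key = "unknown" if state is None else ("patched" if state else "vulnerable")
        result[key].append(host)
    return result


# Constructed sample inventory: host names and strings are made up.
SAMPLE_INVENTORY = {
    "ws-01": "Google Chrome 78.0.3904.87",
    "ws-02": "Google Chrome 78.0.3904.70",
    "ws-03": "Google Chrome 78.0.3904.108 ",
    "ws-04": "Google Chrome 77.0.3865.120",
    "ws-05": "command not found",
}

if __name__ == "__main__":
    for state, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{state:10s} {', '.join(hosts)}")
```

Hosts reported as unknown need a manual check rather than being assumed patched.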


Morphisec prevents the exploitation of vulnerabilities by disabling the framework required for successful exploitation.


Morphisec Endpoint Protector, which uses Moving Target Defense as a concept, requires no prior knowledge or updates to prevent the attacks, thus effectively providing Advanced Defense in Depth and Application Virtual Patching capabilities to organizations.