Urgent Google Chrome Update Patches Critical Flaw
An urgent and important software update was released by Google for their Chrome web browser. It is crucial that all users upgrade to the latest available version as soon as possible.
The new version, Chrome 77.0.3865.90, contains security patches for 1 critical and 3 high-risk security vulnerabilities. The most severe could allow remote hackers to take control of an affected system.
All four vulnerabilities are "Use-After-Free" issues in different components of the web browser. This type of flaw refers to the attempt to access memory after it has been freed, which can cause a program to crash or potentially allow for the execution of arbitrary code.
Faults Corrected by Chrome 77.0.3865.90
- Use-after-free in UI (CVE-2019-13685) — Reported by Khalil Zhani
- Use-after-free in media (CVE-2019-13688) — Reported by Man Yue Mo of Semmle Security Research Team
- Use-after-free in media (CVE-2019-13687) — Reported by Man Yue Mo of Semmle Security Research Team
- Use-after-free in offline pages (CVE-2019-13686) — Reported by Brendon Tiszka
Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser just by convincing a victim to open a specially-crafted web page.
Google has paid out bug bounties for the reported issues, and while Chrome automatically alerts users about updates, it is strongly recommended to initiate the update process manually.
You can check for and apply the update by going to “Help → About Google Chrome” from the menu to ensure your browser is protected.
