If you are using Chrome browser on Windows, Mac, and Linux computers, you must immediately update it to the latest version.
With the launch of Chrome 78.0.3904.87, Google warns billions of users to immediately install an urgent software update to remedy two high-severity vulnerabilities, one of which attackers actively exploit in the wild to hijack computers.
All users will get in in a few weeks’ time, but if you’re eager to get the patch rolling, you can trigger a manual update immediately by opening up Chrome’s Help>About Google Chrome section.
Without revealing technical details about the vulnerability, the Chrome security team just says that both problems are vulnerabilities without use, one affecting the Chrome audio component (CVE-2019-13720), while the other resides in the PDFium ( CVE-2019-13721) library.
Vulnerability without use is a class of memory corruption problems that allow corruption or modification of memory data, allowing an unprivileged user to escalate privileges on an affected system or software.
Thus, both bugs could allow remote attackers to obtain privileges on the Chrome Web browser just by convincing the targeted users to visit a malicious website, allowing them to escape the sandbox protection and run malicious code.
The vulnerabilities have been discovered and reported by Kaspersky researchers Anton Ivanov and Alexey Kulaev. According to the security duo, the flaw has been found exploited in the wild, though the experts did not attribute the attacks to a specific threat actor.