Google Chrome Update Patches Actively Exploited Zero-Day

October 1st, 2019, Kathmandu

Google, Inc. has rolled out a software update for its famous and most widely used Chrome web browser. The company appealed to all Windows, Mac and Linux users to upgrade to the latest version that is available from their website. Google released the updated chrome version as a preventive measure against hackers who look to exploit the vulnerable features of the web browser.

Chrome 77.0.3865.90 version is updated with security patches for three high-risk and one critical vulnerability. The worst-case scenario presented by the company claims that remote hackers could access the affected system via these risk factors. The company decided to keep track of the four dangerous secrets and allow more time for users to update their applications.

The chrome security team has said that all the risk factors are use-after-free issues in various parts of the web browser, and the critical case might lead to unauthorized access to a remote device with attacking mentality.

The vulnerabilities that were patched by Chrome 77.0.3865.90 are:

  • Use-after-free in UI (CVE-2019-13685) — Reported by Khalil Zhani
  • Use-after-free in offline pages (CVE-2019-13686) — Reported by Brendon Tiszka
  • Use-after-free in media (CVE-2019-13688) and Use-after-free in media (CVE-2019-13687)— Reported by Man Yue Mo of Semmle Security Research Team

The company has handed out $40,000 as rewards to Man Yue Mo of Semmle for the two vulnerabilities they reported.

With remote access codes, these risk factors would allow an attacker to execute specific laws in the browser itself by just getting the user to click a link or redirecting them to a particular webpage via the browser.

Previous articleClass ‘C’ Finance Companies In Nepal
Next articleList Of Class D Bank In Nepal
Mina Aryal is a Nepali tech journalist and media expert. She is currently the chief editor of ICT Frame, a leading online tech media outlet in Nepal that covers topics such as technology, business, and entrepreneurship. Aryal has been involved in the field of tech journalism for over a decade and has covered various topics such as internet governance, cybersecurity, e-commerce, and startup ecosystems. She has also been involved in organizing and promoting tech events in Nepal to bring together tech enthusiasts, entrepreneurs, and investors to discuss and collaborate on various topics related to the tech industry. Aryal is considered one of the most influential tech journalists in Nepal and has been recognized for her contributions to the field.


Please enter your comment!
Please enter your name here