October 1st, 2019, Kathmandu
Google, Inc. has rolled out a software update for its famous and most widely used Chrome web browser. The company appealed to all Windows, Mac and Linux users to upgrade to the latest version that is available from their website. Google released the updated chrome version as a preventive measure against hackers who look to exploit the vulnerable features of the web browser.
Chrome 77.0.3865.90 version is updated with security patches for three high-risk and one critical vulnerability. The worst-case scenario presented by the company claims that remote hackers could access the affected system via these risk factors. The company decided to keep track of the four dangerous secrets and allow more time for users to update their applications.
The chrome security team has said that all the risk factors are use-after-free issues in various parts of the web browser, and the critical case might lead to unauthorized access to a remote device with attacking mentality.
The vulnerabilities that were patched by Chrome 77.0.3865.90 are:
- Use-after-free in UI (CVE-2019-13685) — Reported by Khalil Zhani
- Use-after-free in offline pages (CVE-2019-13686) — Reported by Brendon Tiszka
- Use-after-free in media (CVE-2019-13688) and Use-after-free in media (CVE-2019-13687)— Reported by Man Yue Mo of Semmle Security Research Team
The company has handed out $40,000 as rewards to Man Yue Mo of Semmle for the two vulnerabilities they reported.
With remote access codes, these risk factors would allow an attacker to execute specific laws in the browser itself by just getting the user to click a link or redirecting them to a particular webpage via the browser.