Google has credited two Kaspersky Labs researchers, Anton Ivanov and Alexey Kulaev, for discovering and reporting a vulnerability in the Chrome web browser, identified as CVE-2019-13720. Google classified the vulnerability as a “High Severity,” which is the most serious level affecting security. Chrome’s audio component is where the bug is found, and it is being described as a use-after-free flaw. Typically, when a program or application attempts to reference memory that has been wiped or replaced is when use-after-free vulnerabilities occur. Programs tend to crash when this happens, but other unintended scenarios can take place. Another Chrome zero-day was patched back in March and was also a use-after-free flaw. Early findings have not yet revealed whether the exploit that was announced yesterday is being used to launch attacks on individual Chrome users or if it’s part of a composite exploit chain.
Watch the Video
How does Binary Defense help protect your organization? With best in breed cybersecurity tactics, techniques, and services, we make sure that your environment is secure against the most advanced attacks.