Welcome to DU!
The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards.
Join the community:
Create a free account
Support DU (and get rid of ads!):
Become a Star Member
Latest Breaking News
General Discussion
The DU Lounge
All Forums
Issue Forums
Culture Forums
Alliance Forums
Region Forums
Support Forums
Help & Search
New Google Chrome Security Alert: Update Your Browsers As 'High Severity' Zero-Day Exploit Confirmed
Source: Forbes
EDITOR'S PICK Nov 1, 2019, 08:11am
New Google Chrome Security Alert: Update Your Browsers As ‘High Severity’ Zero-Day Exploit Confirmed
Davey Winder Senior Contributor
Cybersecurity
I report and analyse breaking cybersecurity and privacy stories
It takes a lot to scare anyone on Halloween night, but Google Chrome engineers were spooked enough to issue an urgent update announcement for the browser across all platforms. So, what gave Google the heebie-jeebies? The answer is not one but two security vulnerabilities, one of which has a zero-day exploit out in the wild already.
Here's what is known so far
The October 31 disclosure from Google confirmed that the "stable channel" desktop Chrome browser is being updated to version 78.0.3904.87 across the Windows, Mac, and Linux platforms. This urgent update will start rolling out "over the coming days/weeks," according to Google. Unlike recent Windows 10 security alerts advising not to install an update, Chrome users should ensure they do install this one.
At this moment in time, it is proving hard to find out much specific detail about either of the vulnerabilities concerned, other than the fact that one of the two being fixed by the update is already being exploited in the wild.
Google said that this is because: "Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on but haven’t yet fixed."
What is the Google Chrome zero-day exploit?
What is known is that the one that Google has said the exploit exists in the wild is for the CVE-2019-13720 vulnerability. This was reported by two Kaspersky researchers, Anton Ivanov and Alexey Kulaev, on October 29. According to a U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) statement, the Google update "addresses vulnerabilities that an attacker could exploit to take control of an affected system," but that's as far as the detail goes.
-snip-
New Google Chrome Security Alert: Update Your Browsers As ‘High Severity’ Zero-Day Exploit Confirmed
Davey Winder Senior Contributor
Cybersecurity
I report and analyse breaking cybersecurity and privacy stories
It takes a lot to scare anyone on Halloween night, but Google Chrome engineers were spooked enough to issue an urgent update announcement for the browser across all platforms. So, what gave Google the heebie-jeebies? The answer is not one but two security vulnerabilities, one of which has a zero-day exploit out in the wild already.
Here's what is known so far
The October 31 disclosure from Google confirmed that the "stable channel" desktop Chrome browser is being updated to version 78.0.3904.87 across the Windows, Mac, and Linux platforms. This urgent update will start rolling out "over the coming days/weeks," according to Google. Unlike recent Windows 10 security alerts advising not to install an update, Chrome users should ensure they do install this one.
At this moment in time, it is proving hard to find out much specific detail about either of the vulnerabilities concerned, other than the fact that one of the two being fixed by the update is already being exploited in the wild.
Google said that this is because: "Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on but haven’t yet fixed."
What is the Google Chrome zero-day exploit?
What is known is that the one that Google has said the exploit exists in the wild is for the CVE-2019-13720 vulnerability. This was reported by two Kaspersky researchers, Anton Ivanov and Alexey Kulaev, on October 29. According to a U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) statement, the Google update "addresses vulnerabilities that an attacker could exploit to take control of an affected system," but that's as far as the detail goes.
-snip-
Read more: https://www.forbes.com/sites/daveywinder/2019/11/01/new-google-chrome-security-alert-update-your-browsers-as-high-severity-zero-day-exploit-confirmed/#73f3f8a470b3
2 replies
= new reply since forum marked as read
= new reply since forum marked as read
