With the release of Chrome 78.0.3904.87, Google is warning millions of users to install an urgent software update immediately to patch two high-severity vulnerabilities, one of which attackers are actively exploiting in the wild to hijack computers.
The flaw is enabling attackers to conduct remote code execution attacks, taking full control of their target PCs. Depending on the privileges given to Chrome, the attacker could install programs; view, change, or delete data; or create new accounts.
Additionally, the Google cybersecurity team has discovered that the flaw is located in the FileReader API component in the Google Chrome browser application. This is the main issue that allows launching code through remote servers.
Discovered and reported by Kaspersky researchers Anton Ivanov and Alexey Kulaev, the audio component issue in the Chrome application has been found exploited in the wild, though which specific group of hackers is exploiting it remains unclear at this time.
“Google is aware of reports that an exploit for CVE-2019-13720 exists in the wild,” the Google Chrome security team said in a blog post.
To patch both security vulnerabilities, Google has already started rolling out Chrome version 78.0.3904.87 for Windows, Mac, and Linux operating systems.
Although the Chrome web browser automatically notifies users about the latest available version, users are advised to trigger the update process manually by going to “Help → About Google Chrome” from the menu.