The browser Google Chrome not sure, because of two serious vulnerabilities that could be used by hackers to execute arbitrary code and potentially take control of the computer. Fortunately, however, Google has already released a patch for both vulnerabilities and placed them in the latest version of the browser, the 78.0.3904.87.
The first vulnerability was classified with the code CVE-2019-13721 and was discovered by "bananapenguin" on 12 October, the second was classified with the code CVE-2019-13720 and was reported to Google by Anton Ivanov and Alexey Kulaev of Kaspersky Labs on October 29. As foreseen by the Vulnerability Reward Program, both reports will be rewarded with cash prizes. And also a lot of money: for the CVE-2019-13721 Google will pay a good 7.500 dollars to bananapenguin, for the CVE- 2019-13720 the amount has not yet been decided. Both vulnerabilities affect the versions of Chrome for Windows, Mac and Linux.
Google Chrome vulnerability: what users risk
The two vulnerabilities are very different from each other, but they are both of the "use-after-free" type, they affect the memory of the computer on which Chrome is running and are both considered very dangerous by Google. With a "use-after-free" attack a hacker can remotely write data to the computer's memory and, consequently, launch malicious code and acquire maximum privileges to fully control the PC (or Mac) in question. two vulnerabilities has to do with the PDFium library, which Chrome uses to show PDF files and their print previews. The second, on the other hand, is one vulnerability of the software module used by Chrome to play audio. Furthermore, the latter vulnerability has already been used at least once by hackers, as Google itself admits.
Google Chrome vulnerability: how to defend yourself
The only way users have to defend against CVE-2019-13721 and CVE-2019-13720 vulnerabilities is to update Chrome to version 78.0.3904.87. Unfortunately, this update is still in the roll-out phase and not everyone can install it right now: it will be made available gradually in all countries, since the vulnerabilities are independent of the language used by the user to browse the web with Google Chrome.
Update Chrome immediately, dangerous vulnerabilities discovered