Google Chrome decided to spook its users this Halloween by issuing an update that fixes 2 new use-after-free vulnerabilities "CVE-2019-13720" and "CVE-2019-13721", of which CVE-2019-13720 is already exploited in the wild. Use-after-free flaw, which in the least could result in a crash or could be leveraged by an attacker to run arbitrary codes or even enable remote code execution.
CVE-2019-13720 - affects the Chrome's audio component.
CVE-2019-13721- affects the PDFium library.
Google also announced, "Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed."
Resolution:
To stay secure against the aforementioned vulnerabilities, kindly update your systems to the latest chrome version 78.0.3904.87 by deploying the following patches using Patch Connect Plus, an integration software for third-party patching for SCCM:
Patch ID:
311540 (64 bit)
311539 (32 bit)
Happy patching! Stay secure!