In a recent blog post https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_31.html , Google revealed that it has released an urgent update for Chrome to address a zero-day vulnerability. In the post, the engineers from Google stated that they were aware of the issue.
The company wrote, “Google is aware of reports that an exploit for CVE-2019-13720 exists in the wild. We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.”
In case you are unaware, the zero-day vulnerability is a use-after-free vulnerability in Chrome’s audio component. These are memory corruption bugs which originate when an application tries to reference memory that had previously been assigned to it but was freed or deleted.
Although these vulnerabilities cause a program to crash, they can sometimes lead to under security concerns. At the moment however, it’s unclear if the latest exploit was used to launch attacks against Chrome users.
Back in April, Google patched another vulnerability, CVE-2019-5786, which was used alongside a Windows 7 zero-day. At that time, the exploits were used together by a hacking group.