Not So Trick Or Treat - Google Chrome Zero-Day Vulnerability

It was more trick than treat last night for Google Chrome users, who received a new update that patches an actively exploited zero-day vulnerability along with one other fix. Automox customers can deploy Chrome version 78.0.3904.87 for Windows, macOS, and Linux immediately from their console.

Google Chrome Updates

  • High CVE-2019-13720: Use-after-free in audio.
    Reported by Anton Ivanov and Alexey Kulaev at Kaspersky Labs on 2019-10-29
  • High CVE-2019-13721: Use-after-free in PDFium.
    Reported by banananapenguin on 2019-10-12

More information on the updates can be found via this Google Chrome blog post.


The scarier of the two fixes, CVE-2019-13720, was discovered and reported to Google by Kaspersky, which observed it being exploited in the wild. The attack uses a watering-hole injection on Korean-language websites: JavaScript injected into the compromised page loads a profiling script from a remote server, which fingerprints the visitor's browser to decide whether it is a version the exploit targets. If it is, the script fetches the exploit, which triggers the use-after-free in Chrome's audio component and runs an embedded shellcode payload to infect the machine. More information can be found on Kaspersky's blog here.


The less scary, but not so sweet, fix for CVE-2019-13721 patches a use-after-free in PDFium, the PDF renderer built into Chrome. An attacker could trigger it by getting a victim to open a crafted PDF served from a malicious website, corrupting memory in the renderer process. Google did not report this one as exploited in the wild, and a renderer bug of this kind does not by itself escape Chrome's sandbox; reaching the host would require chaining it with a second vulnerability, which is why it ranks below the audio bug.

Your Plan of Attack? Patch Now!

The most effective way to keep Chrome secure and up to date is to patch now and patch automatically. Applying patches for operating systems and third-party apps as soon as they become available is the best way to prevent exploitation of known vulnerabilities like these.

If you have already updated to 78.0.3904.87, or have Automox policies in place that did it for you, you are covered against both CVEs. If not, we can help.

We recommend setting up a single Patch All or Patch Critical policy to cover Chrome and other third-party apps. It will automatically apply any outstanding patches to your systems on a regular schedule. You can also see which specific systems are impacted from the Software page (if enabled).

Log in to the console and click the Software icon in the left navigation pane. In the search box on the Software page, type the number of a Knowledge Base article or a software title (here, Google Chrome) and press Enter. You can also sort the list by severity level. If devices are impacted, you will see every affected device and the version it is running, along with the severity and the associated CVE.
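The check behind that impacted-device list, as an added example that is not code from the original post or from Automox: a version comparison that flags Chrome installs older than 78.0.3904.87. It runs over a constructed device inventory of the kind the Software page shows, and over constructed proxy-log lines carrying browser User-Agent strings, because the watering-hole profiling script described above picks victims by browser version, and a defender can run the same fingerprint check in reverse over their own logs to find vulnerable browsers that were exposed. Hostnames, IPs, versions and log lines are all made up; the one real value is the fixed Chrome version. Versions are compared numerically, component by component, because a plain string comparison ranks "78.0.3904.87" above "78.0.3904.108" and would wrongly mark a patched browser as vulnerable.

```python
"""Flag Chrome installs that predate the 78.0.3904.87 fix for CVE-2019-13720/13721.

Added example for this post, not Automox code. All sample data below is constructed.
"""
import re
from typing import List, Optional, Tuple

FIXED_VERSION = "78.0.3904.87"  # Chrome release of 2019-10-31 that patched both CVEs

# A bare 4-part version string, e.g. "78.0.3904.70".
_VER_RE = re.compile(r"^\d+(?:\.\d+){3}$")
# The Chrome token inside a User-Agent header, e.g. "Chrome/78.0.3904.70".
_UA_RE = re.compile(r"Chrome/(\d+(?:\.\d+){3})")


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Return the 4-part Chrome version as a tuple of ints, or None if none is found."""
    text = text.strip()
    if _VER_RE.match(text):
        return tuple(int(p) for p in text.split("."))
    m = _UA_RE.search(text)  # fall back to extracting it from a User-Agent string
    if m:
        return tuple(int(p) for p in m.group(1).split("."))
    return None


def is_vulnerable(text: str) -> Optional[bool]:
    """True if the Chrome version is older than the fix, False if patched, None if unknown.

    Tuple comparison is numeric per component, so (78, 0, 3904, 108) correctly
    ranks above (78, 0, 3904, 87) where a string comparison would not.
    """
    v = parse_version(text)
    if v is None:
        return None
    return v < parse_version(FIXED_VERSION)


# Constructed sample inventory: (hostname, os, chrome_version). Not real devices.
INVENTORY = [
    ("ws-001", "Windows", "78.0.3904.70"),
    ("ws-002", "Windows", "78.0.3904.87"),
    ("mac-003", "macOS", "77.0.3865.120"),
    ("lin-004", "Linux", "78.0.3904.108"),
    ("ws-005", "Windows", "unknown"),
]

# Constructed sample proxy log lines: client IP, then the User-Agent. Not real traffic.
PROXY_LOG = [
    '10.0.0.12 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36"',
    '10.0.0.13 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.87 Safari/537.36"',
    '10.0.0.14 "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0"',
]


def impacted_devices(inventory=INVENTORY) -> Tuple[List[str], List[str]]:
    """Hostnames whose Chrome predates the fix, and hostnames whose version is unknown.

    Unknown versions are reported separately rather than silently treated as safe.
    """
    vulnerable = [host for host, _, ver in inventory if is_vulnerable(ver) is True]
    unknown = [host for host, _, ver in inventory if is_vulnerable(ver) is None]
    return vulnerable, unknown


def vulnerable_clients(log_lines=PROXY_LOG) -> List[str]:
    """Client IPs seen with a pre-fix Chrome User-Agent; non-Chrome lines are ignored."""
    return [line.split()[0] for line in log_lines if is_vulnerable(line) is True]


if __name__ == "__main__":
    needs_patch, no_version = impacted_devices()
    print("needs patch:", needs_patch)
    print("version unknown, check manually:", no_version)
    print("pre-fix Chrome seen in proxy log from:", vulnerable_clients())
```

Two things to keep in mind when adapting this: a Chromium-based browser such as Edge also advertises a `Chrome/` token in its User-Agent, so a hit from the log check means "Chromium engine at this version", not necessarily Google Chrome; and a device whose version cannot be read belongs on the follow-up list, not the clean list.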


About Automox

Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.

Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.

Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.