https://news.cnblogs.com/n/647075/
It is strongly recommended: Chrome users, please upgrade your browser as soon as possible! Fixes two serious zero-day vulnerability in an emergency patches Google released today, and one that has been exploited by hackers. Chrome security team said that both vulnerabilities are use-after-free form, by allowing the hacker to execute arbitrary code on the infected device. One vulnerability exists in the audio component of the browser, and the other is present in PDFium library. Windows, macOS and GNU / Linux version of the three major platforms are affected.
Internet Security Center warned: "discovered multiple vulnerabilities in Google Chrome" and said CVE-2019-13720 and CVE-2019-13721 severity levels are high. He wrote in a subsequent warning: "Both flaws allow an attacker to execute arbitrary code in the browser, access to sensitive information, bypass certain security restrictions and execute unauthorized actions or cause a denial of service."
Google Chrome team said in a blog, stable version has been upgraded to 78.0.3904.87, fixes both problems:
This update includes two security fixes. Below, we highlight the fix provided by external researchers. See the Chrome security page for more information.
[$ 7500] [1,013,868] High CVE-2019-13721: Use-after-free PDFium assembly. As reported by banananapenguin in 2019-10-12.
[$ TBD] [1019226] High CVE-2019-13720: Use-after-free audio components. Anton Ivanov and Alexey Kulaev Kaspersky Lab reported on 2019-10-29
Google has admitted that hackers use to attack vulnerability CVE-2019-13720 to Chrome users. Now we can not disclose more information about security vulnerabilities.