On Thursday, Google issued a Chrome security alert and urged users to update their browsers as soon as possible in light of the discovery of two high-severity security vulnerabilities.
In a blog post, Google engineers said an exploit for one of the two vulnerabilities has already been spotted in the wild.
"Google is aware of reports that an exploit for CVE-2019-13720 exists in the wild," the company said in announcing the release of Chrome version 78.0.3904.87.
Both vulnerabilities -- CVE-2019-13720 and CVE-2019-13721 -- were uncovered by Kaspersky researchers Anton Ivanov and Alexey Kulaev. They’re classified as “use-after-free” vulnerabilities, meaning they allow for “corruption or modification of data in the memory. This allows an unprivileged user to escalate privileges on an affected system or software,” according to the National Cyber Security website.
Manually check for updates
Google added that public access to bug details and links “may be kept restricted until a majority of users are updated with a fix.”
Although Chrome users are notified automatically when the latest update becomes available, Google is recommending that users manually check for the update by going to “Help” and tapping “About Google Chrome” from the menu.
The update rolled out by Google “addresses vulnerabilities that an attacker could exploit to take control of an affected system," the U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) said in a statement.