by Patrick Kapp
Desktop & Applications Architect
The Cybersecurity and Infrastructure Security Agency (CISA) has released a bulletin advising all users and administrators to apply new patches to Google Chrome that target newly discovered security flaws. The change addresses vulnerabilities that an attacker could exploit to take control of an affected system.
The vulnerability was uncovered over the weekend by security experts participating in a hacking competition in China. The specific vulnerabilities targeted the browser’s Bluetooth components (changelog). Unpatched devices are exposed to Out-of-Bounds (OOB) access and Use-After-Free Exploits, allowing for undefined behavior and execution of malicious code.
At this time this build is classified as stable with no known issues. This release follows a recent update which broke functionality within VDI sessions. That issue has since been resolved, but not without leading some to question Google’s quality control and ability to change settings and behavior without notifying users and organizations.
Chrome 78.0.3904.108 is available for Windows, Mac, and Linux.
If you have any questions about this security information or need to discuss how to better protect your company, please contact us at firstname.lastname@example.org.