From zdnet.com
Yesterday, on late Halloween night, Google engineers delivered the best scare of the evening and released an urgent update for the Chrome browser to patch an actively exploited zero-day.
“Google is aware of reports that an exploit for CVE-2019-13720 exists in the wild,” Google engineers said in a blog post announcing the new v78.0.3904.87 release.
The actively-exploited zero-day was described as a use-aster-free bug in Chrome’s audio component.
Google credited Anton Ivanov and Alexey Kulaev, two malware researchers from Kaspersky, with reporting the issue.