On Halloween night, Google discloses Chrome zero-day exploited in the wild

From zdnet.com

Chrome

Yesterday, on late Halloween night, Google engineers delivered the best scare of the evening and released an urgent update for the Chrome browser to patch an actively exploited zero-day.

“Google is aware of reports that an exploit for CVE-2019-13720 exists in the wild,” Google engineers said in a blog post announcing the new v78.0.3904.87 release.

The actively-exploited zero-day was described as a use-aster-free bug in Chrome’s audio component.

Google credited Anton Ivanov and Alexey Kulaev, two malware researchers from Kaspersky, with reporting the issue.

Read more…