Chrome Zero Day Vulnerability – CVE-2019-13720 and CVE-2019-13721

 November 4, 2019 

WHAT YOU NEED TO KNOW 

Multiple Google Chrome zero-day vulnerabilities have been discovered, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. If the application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it were configured with administrative rights.

Users should always operate their systems with least privilege and avoid going to web sites using their elevated accounts such as -PR, -OU, -SA.

These High severity vulnerabilities have been assigned CVE-2019-13720 and CVE-2019-13721.

Google has released update 78.0.3904.87 to Chrome to address these issues.  

Additional information can be found on the SAT page and the USGS TST websites. 

The ePatching team will be deploying the latest Google Chrome version during the November ePatching cycle. 

WHAT YOU NEED TO DO 

The update to Google Chrome is available in MECM and BigFix for deployment.  The names of the application and fixlet are listed below.  Sites should deploy the update to their systems as soon as possible. 

  • MECM Application: 1-DOI-Google Chrome 78.087.0 (x64) 
  • BigFix Fixlet: DOI: Google Chrome 78.0.3904.87 Available 

Please note that MECM Google Chrome applications no longer include the BisonConnect desktop shortcut since DOI is in the middle of the E&C migration to Outlook. Sites that are not a part of ePatching will also need to push out the DOI-BisonConnect Shortcut-Pre-O365 package which can be found under \Software Library\Overview\Application Management\Packages\_DOI\Tier 1. This package has already been deployed to ePatching systems that are not a part of the E&C Pilot or Early adopter groups. 

Please forward this information to users within your sphere of influence for their awareness.  

Send questions to gs_epatching@usgs.gov
