After a quiet summer, a new Chrome zero-day vulnerability has been discovered.
The details on how this new zero-day operates and even how severe the issue is are murky, but the solution as usual is the same: PATCH NOW.
This issue impacts all Chrome versions under 76.0.3809.132 and is tracked under CVE-2019-5869. While Google has yet to publish details on the vulnerability or its severity, the researchers who discovered it consider it critical. Any user that visits an infected website could have arbitrary code run in their browser, stealing data or preventing operations.
This type of vulnerability - use after free - is relatively unexploited this year, but the impact is the same Chrome vulnerabilities discovered earlier this year. All you or one of your employees has to do is navigate to a seemingly normal webpage. In the background, the vulnerability is exploited without your knowledge, and any code can be run in your browser. While this vulnerability does not seem to allow for access outside of the browser, it can be combined with other unpatched exploits to allow a hacker to gain full access to your machine. If you are several Chrome versions behind, the risk is significantly higher.
The only way to guarantee that all of your users update their systems today is with help.
Your Plan of Attack? Patch Your Endpoints Now!
The most effective way to keep Chrome fully secure and up-to-date is to patch now and patch automatically. Applying patches for your operating systems and third party apps as soon as they become available is the best way to prevent an exploit.
If you’ve already updated and have Automox Patch All policies in place, you will be secure. However, with this vulnerability, users with Patch Critical or other policies may need to take manual steps to ensure that they are patched. Why? Google has not yet published details, a severity score, or even guidance on the patch. You will need to use the Software page to get everyone up-to-date fast.
You see which specific systems are impacted from the Software page (if enabled).
Log in to the console and click on the Software icon found in the left navigation pane. In the search box on the Software page, type the number of any Knowledge Base article or software title and hit enter.
You can also sort the list by severity level. If devices are impacted, you will see a list of all impacted devices and versions, as well as information on severity and the associated CVE. Because a severity score has not yet been assigned by Google, one will not appear in Automox. Once it is available, Automox will automatically add it.
Automox can help ensure your systems are adequately patched in a timely manner in order to protect your organization against any cyber vulnerability. As a best practice, you should always ensure that you have at least one patch policy assigned to all of your devices for Critical, Medium, and Low severity patches. These updates are generally Security and Cumulative software updates. Automox is designed to automate your response to zero-day vulnerabilities like this and others across the Windows, MacOS, and Linux operating systems.
Current Automox customers can create policies that automatically handle the patching and execution of important updates for you every single month. Alternatively, you may contact our support team for technical assistance at firstname.lastname@example.org.
About Automox Patch Management
Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.
Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.
Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.