SECURITY ALERTS

Vulnerabilities (CVE-2019-13720, CVE-2019-13721) in Google Chrome Could Allow for Arbitrary Code Execution

DESCRIPTION:

Both issues are use-after-free vulnerabilities. One affects Chrome's audio component (CVE-2019-13720), while the other affects PDFium (CVE-2019-13721), the library that Chrome uses to create and render PDF documents.

Use-after-free is a class of memory corruption bug in which a program keeps using memory after it has been freed, which can allow a remote attacker to corrupt or modify data in memory. Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser and take full control of the target computer.

 

AFFECTED RELEASES:

Google Chrome versions prior to 78.0.3904.70

 

SOLUTION:

Upgrade to at least Google Chrome 78.0.3904.87 by following these steps:

1. Open the Google Chrome browser.

2. Enter “chrome://settings/help” in the address bar. The window that appears will automatically check for updates and show you the current version of Chrome.

3. After Chrome is updated, click the “RELAUNCH” option to restart Chrome and complete the update.
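
To confirm the upgrade across many machines, the following added example (not part of the original alert) classifies reported Chrome version strings against the 78.0.3904.87 minimum given above. The host names and inventory lines are constructed sample data, and the function names are hypothetical.

```python
import re

# Minimum version taken from the SOLUTION section of this alert.
MIN_FIXED = (78, 0, 3904, 87)

# Matches a four-part Chrome version, e.g. in "Google Chrome 78.0.3904.70".
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the version as a tuple of four ints, or None if none is found."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(text, minimum=MIN_FIXED):
    """Classify one reported version string as 'ok', 'outdated' or 'unknown'."""
    version = parse_version(text)
    if version is None:
        return "unknown"
    # Tuples compare numerically field by field, so 78.0.3904.108 is newer
    # than 78.0.3904.87 (a plain string comparison would get this wrong).
    return "ok" if version >= minimum else "outdated"


def audit(inventory):
    """Map host -> status for (host, reported_version) pairs."""
    return {host: classify(reported) for host, reported in inventory}


# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE_INVENTORY = [
    ("ws-001", "Google Chrome 77.0.3865.120"),
    ("ws-002", "Google Chrome 78.0.3904.70"),
    ("ws-003", "Google Chrome 78.0.3904.87"),
    ("ws-004", "Google Chrome 78.0.3904.108"),
    ("ws-005", "not installed"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" need a manual check, since the version could not be read from the inventory entry.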

 

REFERENCE:

1. https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_31.html

2. https://thehackernews.com/2019/11/chrome-zero-day-update.html
