topic Re: Zero Day vulnerability in Google Chrome (CVE-2019-13720, CVE-2019-13721 ) in General Topics

Zero Day vulnerability in Google Chrome (CVE-2019-13720, CVE-2019-13721 )

SahulH — Mon, 04 Nov 2019 08:38:43 GMT

Hi Team,

Anyone know which Content Update (released or upcoming) might contain a mitigation for CVE-2019-13720, CVE-2019-13721

Refer the below link for Vulnerability details:
https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-google-chrome-could-allow-for-arbitrary-code-execution_2019-118/

Best Regards,

Sahul Hameed

Re: Zero Day vulnerability in Google Chrome (CVE-2019-13720, CVE-2019-13721 )

Remo — Mon, 04 Nov 2019 12:39:23 GMT

Hi @SahulH

So far there is no vulnerability protection signature for these two CVEs. May be tomorrow when the new content update should be released there will be one but I really don't know if and when there will be a signature. Paloalto normally does not share this kind of information prior to release, but you could ask this question to support to may be get an answer.

Re: Zero Day vulnerability in Google Chrome (CVE-2019-13720, CVE-2019-13721 )

kpolly — Mon, 04 Nov 2019 18:01:34 GMT

Does anyone know if Palo Alto has released any signatures yet? Cisco releases theirs on 11/2.

Re: Zero Day vulnerability in Google Chrome (CVE-2019-13720, CVE-2019-13721 )

S.Cantwell — Mon, 04 Nov 2019 19:01:19 GMT

@kpolly

If you do a "Check Now" for your Dynamic Updates, you will see if PANW has released anything.

Do you have your Dynamics Updates scheduled (for Threats) to check every hour?

You may want to consider this.

If you only check 1x per week, you may be missing emergency updates.

What other questions can we answer for you?

Re: Zero Day vulnerability in Google Chrome (CVE-2019-13720, CVE-2019-13721 )

kpolly — Mon, 04 Nov 2019 19:16:02 GMT

Hi Steve,

Thank you for the info. My team (security team) does not manage the Palo(our Network Team does). Is there a website that I can visit that will provide me a list of the signatures that are available from Palo Alto so we can easily see if there is a signature for this zero day? We want to verify that if there is a sig that it has been applied.

Thank you

Karyn

Re: Zero Day vulnerability in Google Chrome (CVE-2019-13720, CVE-2019-13721 )

Remo — Mon, 04 Nov 2019 19:22:06 GMT

Hi @kpolly

As soon as an update becomes available you should see it here: https://treatvault.paloaltonetworks.com (if you search for the CVE number)

Re: Zero Day vulnerability in Google Chrome (CVE-2019-13720, CVE-2019-13721 )

kpolly — Mon, 04 Nov 2019 20:02:11 GMT

Thank you!

Re: Zero Day vulnerability in Google Chrome (CVE-2019-13720, CVE-2019-13721 )

SahulH — Tue, 12 Nov 2019 05:44:25 GMT

@S.Cantwell

Hi Team,

For this Vulnerability i have opened up a TAC case and Palo Alto Threat team is waiting for a public PoC that was not yet found so far for our threat researcher to have enough details to produce a signature.

Best Regards,

Sahul Hameed

Re: Zero Day vulnerability in Google Chrome (CVE-2019-13720, CVE-2019-13721 )

Remo — Tue, 17 Dec 2019 19:27:34 GMT

FYI: With the emergency content update 8218 released today, there is now a vulnerability signature for CVE-2019-13720.