Zero Day vulnerability in Google Chrome (CVE-2019-13720, CVE-2019-13721 )

Reply
L2 Linker

Zero Day vulnerability in Google Chrome (CVE-2019-13720, CVE-2019-13721 )

Hi Team,

 

Anyone know which Content Update (released or upcoming) might contain a mitigation for CVE-2019-13720, CVE-2019-13721

 

Refer the below link for Vulnerability details:
https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-google-chrome-could-allow-for-arbitr...

 

Best Regards,

Sahul Hameed

Cyber Elite

Hi @SahulH 

So far there is no vulnerability protection signature for these two CVEs. May be tomorrow when the new content update should be released there will be one but I really don't know if and when there will be a signature. Paloalto normally does not share this kind of information prior to release, but you could ask this question to support to may be get an answer.

L0 Member

Does anyone know if Palo Alto has released any signatures yet?  Cisco releases theirs on 11/2.  

Cyber Elite

@kpolly 

 

If you do a "Check Now" for your Dynamic Updates, you will see if PANW has released anything.

Do you have your Dynamics Updates scheduled (for Threats) to check every hour?

You may want to consider this.

 

If you only check 1x per week, you may be missing emergency updates.

 

What other questions can we answer for you?

Help the community: Like helpful comments and mark solutions
L0 Member

Hi Steve,

 

Thank you for the info.  My team (security team) does not manage the Palo(our Network Team does).  Is there a website that I can visit that will provide me a list of the signatures that are available from Palo Alto so we can easily see if there is a signature for this zero day?  We want to verify that if there is a sig that it has been applied. 

 

Thank you

 

Karyn

Cyber Elite

Hi @kpolly 

 

As soon as an update becomes available you should see it here: https://treatvault.paloaltonetworks.com (if you search for the CVE number)

L0 Member

Thank you!

L2 Linker

@SteveCantwell 

 

Hi Team,

 

For this Vulnerability i have opened up a TAC case and Palo Alto Threat team is waiting for a public PoC that was not yet found so far for our threat researcher to have enough details to produce a signature.

 

Best Regards,

Sahul Hameed

Cyber Elite

FYI: With the emergency content update 8218 released today, there is now a vulnerability signature for CVE-2019-13720.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!