Zero Day vulnerability in Google Chrome (CVE-2019-13720, CVE-2019-13721 )

Reply
Highlighted
L2 Linker

Zero Day vulnerability in Google Chrome (CVE-2019-13720, CVE-2019-13721 )

Hi Team,

 

Anyone know which Content Update (released or upcoming) might contain a mitigation for CVE-2019-13720, CVE-2019-13721

 

Refer the below link for Vulnerability details:
https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-google-chrome-could-allow-for-arbitr...

 

Best Regards,

Sahul Hameed

Highlighted
Cyber Elite

Re: Zero Day vulnerability in Google Chrome (CVE-2019-13720, CVE-2019-13721 )

Hi @SahulH 

So far there is no vulnerability protection signature for these two CVEs. May be tomorrow when the new content update should be released there will be one but I really don't know if and when there will be a signature. Paloalto normally does not share this kind of information prior to release, but you could ask this question to support to may be get an answer.

Highlighted
L0 Member

Re: Zero Day vulnerability in Google Chrome (CVE-2019-13720, CVE-2019-13721 )

Does anyone know if Palo Alto has released any signatures yet?  Cisco releases theirs on 11/2.  

Highlighted
Cyber Elite

Re: Zero Day vulnerability in Google Chrome (CVE-2019-13720, CVE-2019-13721 )

@kpolly 

 

If you do a "Check Now" for your Dynamic Updates, you will see if PANW has released anything.

Do you have your Dynamics Updates scheduled (for Threats) to check every hour?

You may want to consider this.

 

If you only check 1x per week, you may be missing emergency updates.

 

What other questions can we answer for you?

Help the community: Like helpful comments and mark solutions
Highlighted
L0 Member

Re: Zero Day vulnerability in Google Chrome (CVE-2019-13720, CVE-2019-13721 )

Hi Steve,

 

Thank you for the info.  My team (security team) does not manage the Palo(our Network Team does).  Is there a website that I can visit that will provide me a list of the signatures that are available from Palo Alto so we can easily see if there is a signature for this zero day?  We want to verify that if there is a sig that it has been applied. 

 

Thank you

 

Karyn

Highlighted
Cyber Elite

Re: Zero Day vulnerability in Google Chrome (CVE-2019-13720, CVE-2019-13721 )

Hi @kpolly 

 

As soon as an update becomes available you should see it here: https://treatvault.paloaltonetworks.com (if you search for the CVE number)

Highlighted
L0 Member

Re: Zero Day vulnerability in Google Chrome (CVE-2019-13720, CVE-2019-13721 )

Thank you!

Highlighted
L2 Linker

Re: Zero Day vulnerability in Google Chrome (CVE-2019-13720, CVE-2019-13721 )

@SteveCantwell 

 

Hi Team,

 

For this Vulnerability i have opened up a TAC case and Palo Alto Threat team is waiting for a public PoC that was not yet found so far for our threat researcher to have enough details to produce a signature.

 

Best Regards,

Sahul Hameed

Highlighted
Cyber Elite

Re: Zero Day vulnerability in Google Chrome (CVE-2019-13720, CVE-2019-13721 )

FYI: With the emergency content update 8218 released today, there is now a vulnerability signature for CVE-2019-13720.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!