We still have one more week to relax between Patch Tuesdays, but it’s going to come sooner than you expect! With a new Google Chrome release this week and a bypassed CVE, there’s plenty to talk about during this lull.

On Patch Tuesday, LibreOffice released version 6.2.5 that remediated two CVEs (CVE-2019-9848, CVE-2019-9849). According to TheHackerNews, CVE-2019-9848 has already been bypassed by security researcher Alex Inführ, where scripts embedded within documents can be executed by arbitrary actions such as mouseover. For those of you that use this software, keep an eye out for an expedited fix for this vulnerability.

Security Releases

Google Chrome 76 released this week with 43 security fixes and 16 CVEs. The most notable feature of this new release is the overdue default blocking of Flash on all websites, as well as the prevention of detecting incognito mode. Five vulnerabilities are categorized as High Severity, with nearly all the vulnerabilities detailing a scenario where a specially crafted website could allow a user to execute code on the endpoint. In fact, BleepingComputer elaborates on CVE-2019-5859 where a security researcher built a proof of concept demo video where a specially crafted website opened Internet Explorer and escaped the sandbox, opening a command prompt.

Third-Party Updates

While Chrome was the highest-profile security release, other vendors have released non-security updates for their product. Review the list below to see if there are any updates that are critical to your environments.

Software Title

Ivanti ID

Ivanti KB

Apache Tomcat 7.0.96

TOMCAT-140

QTOMCAT7096

BlueJeans 2.14.491.0

JEANS-022

QBJN2144910

Camtasia 2019.0.4

CAMTA-018

QCAMTASIA1904

DropBox 78.4.119

DROPBOX-115

QDROPBOX784119

Evernote 6.20.2.8626

ENOT-020

QENOT62028626

Node.JS 10.16.1 (LTS Upper)

NOJSLU-009

QNODEJSLU10161

RealVNC Connect 6.5.0

RVNC-029

QRVNC650

Slack Machine-Wide Installer 4.0.1

SMWI-033

QSLACK401

Splunk Universal Forwarder 7.3.1

SPLUNKF-039

QSPLUNKF731

WinMerge 2.16.4

WMER-004

QWMERG2164

Free Whitepaper: What to do BEFORE all hell breaks loose