Google Patches Zero-Day Flaw in Chrome Under Active Attacks

Google Patches Zero-Day Flaw in Chrome Under Active Attacks

Chrome 72.0.3626.121 update is now available for Windows, Mac, and Linux

Highlights
  • The zero day flaw was reported by Google’s Clement Lecigne
  • There have been reports of attackers exploiting the flaw in the wild
  • The flaw is said to be a memory management error in FileReader API
Advertisement

Google has announced that an update released to Chrome stable channel - version 72.0.3626.121 - last week was in fact a patch for a zero-day flaw that is being exploited in the wild. The company's original changelog was intentionally missing any information about the vulnerability as the company was waiting for the users to apply the update. In a revised announcement on Tuesday, the company noted that the Chrome 72.0.3626.121 update included a fix for a high-priority vulnerability CVE-2019-5786 that was reported by Clement Lecigne of Google's Threat Analysis Group in February-end.

“Google is aware of reports that an exploit for CVE-2019-5786 exists in the wild,” Abdul Syed from Google Chrome team wrote in a blog post. “We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.”

According to a threat advisory, CVE-2019-5786 vulnerability exist due to a use-after-free condition in Google Chrome's FileReader, which is an API that allows the web apps to access the files stored on your computer. Basically, the vulnerability is said to let malicious code escape Chrome's security sandbox, allowing an attacker to run malicious code on the victim's machine. Depending on the privileges given to Chrome, the attacker could install programs; view, change, or delete data; or create new accounts.

It is recommended that all users immediately update the Chrome Web browser on their computer and make sure that they run Chrome without admin rights.

The risk assessment of the vulnerability is said to be high for the government institutions and businesses, whereas the risk of an attacker exploiting the vulnerability is low for the home users.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Google Chrome, Chrome
Gadgets 360 Staff
The resident bot. If you email me, a human will respond. More
Nintendo Doesn't Want You to Spend Too Much Money on Its Mobile Games: Dragalia Lost Developer
Facebook Gadgets360 Twitter Share Tweet Snapchat LinkedIn Reddit Comment google-newsGoogle News

Advertisement

Follow Us
© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
Trending Products »
Latest Tech News »