Latest Chrome update plugs a zero-day hole

Users should waste no time in updating to the browser’s latest version

Google has revealed that the update for Google Chrome, rolled out late last week, addressed a security hole that attackers were already exploiting in the wild.

“Google is aware of reports that an exploit for CVE-2019-5786 exists in the wild,” the company noted in an update on Tuesday after initially releasing the advisory last Friday. Also on Tuesday, a tweet by leading Chrome security engineer Justin Schuh added urgency to the issue: “[Like], seriously, update your Chrome installs… like right this minute”.

The vulnerability, which affects the browser on Windows, Mac, and Linux, was reported by Clement Lecigne of Google’s Threat Analysis Group on February 27.

The security hole is a “use-after-free” memory corruption bug in the browser’s FileReader API, a browser component intended to enable web apps to read locally stored files. That said, exploitation of the vulnerability can result in more damage than the API’s name might imply. According to a note from the Center for Internet Security (CIS), attackers may ultimately be able to remotely execute arbitrary code on the targeted system:

“Depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” reads the note. The zero-day can be triggered when a user is lured to a specially crafted web page.

In light of all that, users are advised to update to Chrome version 72.0.3626.121 if they haven’t done so already. Arguably the easiest way to check if an update is pending is to type chrome://settings/help into the browser’s address bar and, if your browser is indeed out of date, follow the prompts.
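For administrators checking many machines rather than one browser, the same version check can be scripted. The following is an added example, not part of the original article: it classifies hosts against the fixed build 72.0.3626.121, comparing versions numerically because a plain string comparison would rank 72.0.3626.96 above 72.0.3626.121. The inventory format (hostname, tab, version string) and the sample lines are constructed for illustration.

```python
import re

# Fixed build named in the article.
FIXED = (72, 0, 3626, 121)

# Chrome versions are four dot-separated integers: MAJOR.MINOR.BUILD.PATCH
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version found in text as an int tuple, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(version_text, fixed=FIXED):
    """Classify one reported version string against the fixed build."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"  # no parseable version: needs manual follow-up
    # Tuple comparison is numeric per component, unlike string comparison.
    return "patched" if v >= fixed else "vulnerable"


def audit(inventory_lines):
    """Group hosts by status. Each line is 'hostname<TAB>version string' (assumed format)."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for line in inventory_lines:
        host, _, reported = line.partition("\t")
        report[classify(reported)].append(host.strip())
    return report


# Constructed sample inventory (hostnames and readings are illustrative only).
SAMPLE = [
    "ws-001\tGoogle Chrome 72.0.3626.121",
    "ws-002\tGoogle Chrome 72.0.3626.119",
    "ws-003\tGoogle Chrome 72.0.3626.96",   # a string compare would call this patched
    "ws-004\tGoogle Chrome 73.0.3683.20 beta",
    "ws-005\tcommand not found",
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```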




