If you haven’t updated your Chrome browser, you may want to do so soon. Google recently discovered a couple of “zero-day” vulnerabilities affecting both Chrome and Windows OS, which attackers can “actively exploit” and use against the general user.
Specifically, the Chrome flaw is tracked as CVE-2019-5786, a memory management issue found in Chrome’s FileReader that allows hackers to inject and execute malicious code.
To clarify, FileReader essentially allows web applications to read the contents of a user’s local file system. By targeting this process, hackers are able to run their malicious code, bypass Chrome’s security and run commands on the underlying Windows OS.
This link has more context on the 0day attack observed against Chrome. Separately, I want to expand on why it was important to call out this attack more prominently than previous 0day attacks against Chrome. [1/3] https://t.co/9rGkXa6BoI
— Justin Schuh 🗑 (@justinschuh) March 7, 2019
Justin Schuh, a Chrome security engineer, addressed the issue on Twitter. He attached a blog post detailing the vulnerability, along with the patch for the security flaw.
If you’re updating your browser, the version of Chrome you’re looking for should be listed as “72.0.3626.121”. You can check your Chrome version by typing “chrome://settings/help” in the address bar. This should trigger an update check, and Chrome will ask you to relaunch the browser once the update has been applied.
(Source: TechSpot, Engadget, Twitter, Google)