Google wants you to update Chrome right now

As a reminder here's what the default Start menu looked like in Windows 7

As a reminder here's what the default Start menu looked like in Windows 7

After initially publishing the 72.0.3626.121 update on March 1 with no mentions of the security flaw being abused, the Chrome team modified the announcement with exploitation information for the vulnerability stating that "Google is aware of reports that an exploit for CVE-2019-5786 exists in the wild".

Google recently warned that a recent update to its Chrome web browser included a fix for a zero-day exploit that hackers were actively attempting to crack. Updated versions of Chrome have also been released for Android and Chrome OS.

A fix for the flaw has been shipped with the latest desktop (Windows, Mac, Linux) and Android Chrome versions, as well as that for Chrome OS. At this point, details of the vulnerability are scant, as Google said it's restricting access to bug details until a majority of users have installed the update. The exploit, known as CVE-2019-5786, is said to be a use-after-free flaw in the browser's FileReader application programming interface, an API created to allow the browser to access and read locally stored files. You will be shown your current browser version and be alerted if you have an update pending.

The bug, discovered by Googler Clement Lecigne, lies in the FileReader API portion of Chrome, and is a use-after-free () programming blunder.

Exploiting the vulnerability would allow an attacker to carry out what's known as RCE, or Remote Code Execution, and potentially implant malware on a user's computer.

"The use-after-free vulnerability is a class of memory corruption bug that allows corruption or modification of data in memory, enabling an unprivileged user to escalate privileges on an affected system or software", according to Hacker News.

Recommended News

We are pleased to provide this opportunity to share information, experiences and observations about what's in the news.
Some of the comments may be reprinted elsewhere in the site or in the newspaper.
Thank you for taking the time to offer your thoughts.