Google Chrome has been found to contain a zero-day vulnerability for which there may be an active exploit in the wild. The vulnerability has been assigned CVE-2019-5786 and, fortunately, it has been patched.
All Chrome users are urged to update to the latest version of the browser to avoid attacks.
CVE-2019-5786 Technical Information
Google has not said much about the zero-day. “Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed,” the company said in an announcement.
What is known about the vulnerability is that it affects the browser's FileReader API. It is a use-after-free flaw that can allow attackers to escape the Chrome sandbox and carry out remote code execution attacks on vulnerable systems.
CVE-2019-5786 was reported on February 27 by Clement Lecigne, a researcher with Google's Threat Analysis Group. The good news is that the vulnerability has been fixed in the latest desktop versions of Chrome as well as in the Android and Chrome OS systems.
That being said, desktop Chrome users should immediately upgrade to v72.0.3626.121, Android users to v72.0.3626.121, and Chrome OS users to v72.0.3626.122.
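For administrators checking a fleet against the fixed builds listed above, here is an added example (not from Google or the original article) that sorts inventory records into patched, unpatched, and needs-review. The `host,platform,version` record format, the hostnames, and the sample versions are assumptions constructed for illustration.

```python
import re

# Fixed builds per platform, as given in the article.
FIXED = {
    "desktop": (72, 0, 3626, 121),
    "android": (72, 0, 3626, 121),
    "chromeos": (72, 0, 3626, 122),
}
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Pull a four-part version out of text like 'Google Chrome 72.0.3626.119'."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def needs_update(platform, version_text):
    """True if older than the fixed build, False if not, None if undecidable."""
    fixed = FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return None  # unknown platform or unparseable version: review by hand
    # Compare as integer tuples; as strings, "72.0.3626.96" sorts after
    # "72.0.3626.121" and would be wrongly treated as patched.
    return version < fixed


def triage(lines):
    """Sort 'host,platform,version' records into update / ok / review."""
    report = {"update": [], "ok": [], "review": []}
    for line in lines:
        fields = [f.strip() for f in line.split(",", 2)]
        if len(fields) != 3:
            report["review"].append(line.strip())
            continue
        host, platform, version_text = fields
        verdict = needs_update(platform, version_text)
        bucket = "review" if verdict is None else ("update" if verdict else "ok")
        report[bucket].append(host)
    return report


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    "ws-01,desktop,Google Chrome 72.0.3626.96",
    "ws-02,desktop,Google Chrome 72.0.3626.121",
    "cb-01,chromeos,72.0.3626.121",
    "ph-01,android,73.0.3683.75",
    "ws-03,desktop,version unavailable",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Records with an unreadable version land in the review bucket instead of being counted as patched.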