Google reveals details of Chrome vulnerability that was exploited before last update

Ruben Fields
March 8, 2019

Google has advised users to manually trigger the Chrome update by going to About Google Chrome under the Chrome settings. Updated versions of Chrome have also been released for Android and Chrome OS.

Google's updated post revealed that the bug, CVE-2019-5786, was reported by a member of Google's Threat Analysis Group and that an exploit for it was already being used by attackers.

A zero-day is a vulnerability, usually unknown to the software vendor, that gives hackers a high level of access thanks to a critical flaw.

Meanwhile, for Android users, Google said that an update with a fix for CVE-2019-5786 will be available through the Google Play store.

While details are scarce, we know that the flaw involves memory management in Chrome's FileReader, an API that lets web apps read the contents of files stored on users' computers.

Google Chrome's security lead has warned all users of the Chrome web browser (Windows, Mac, and Linux) to update to version 72.0.3626.121 immediately to protect themselves from a major security issue. A mark just needs to be lured into opening a booby-trapped website, say from an instant-messenger link or email, or into viewing a malicious advert, while using a vulnerable version of Chrome to potentially fall victim. On the About Google Chrome page, you will be shown your current browser version and be alerted if you have an update pending.

All one has to do is open a Google Chrome window and click on the three vertical dots in the right-hand corner.

"Despite Google's security program and despite their active collaboration with leading security researchers through generous bug bounty programs, it still suffers from memory corruption attacks related to the use of C and Cpp," Biehn explained. From there you can update as necessary, or use your favorite package manager to upgrade.
