- Researchers spotted a recently patched Google Chrome zero-day flaw being actively exploited in the wild.
- The zero-day flaw, tracked as CVE-2019-5786, was discovered by security researcher Clement Lecigne.
- The flaw allows attackers to execute arbitrary code and take full control of the victim’s system.
- Google has addressed the flaw in a new version of Google Chrome, and users are advised to update immediately.
Google has released a new version of Google Chrome that addresses a zero-day vulnerability being exploited in the wild.
The zero-day vulnerability, tracked as CVE-2019-5786, was discovered in February by security researcher Clement Lecigne of Google's Threat Analysis Group.
The critical flaw could allow remote attackers to execute arbitrary code and take full control of the target system.
The vulnerability resides in the web browsing software and impacts all major operating systems including Windows, Apple macOS, and Linux.
According to Google’s notification, the flaw is a use-after-free vulnerability in the browser’s FileReader API. The FileReader API allows web applications to read the contents of files (or raw data buffers) stored on the user’s computer.
The use-after-free flaw in the FileReader component could allow unprivileged attackers to gain privileges on the Chrome web browser, escape sandbox protections and run arbitrary code on the victim’s system.
The attacker could do this by simply tricking or redirecting users to a specially-crafted webpage.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed,” Google said in its notification.
Google has also confirmed that the flaw is being exploited in the wild and urged users to update Google Chrome immediately.
Google has released Google Chrome version 72.0.3626.121, which addresses the zero-day vulnerability. All users are advised to update the Google Chrome installation on their systems immediately.
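
To check a fleet against the fixed release named above, the following added example (not from Google or the original article) classifies collected version strings, such as the output of `google-chrome --version` on Linux, against 72.0.3626.121. The host names and inventory entries are constructed sample data, and the function names are illustrative.

```python
import re

# Fixed release stated in the article for CVE-2019-5786.
FIXED = (72, 0, 3626, 121)

# Chrome versions have four numeric components: MAJOR.MINOR.BUILD.PATCH
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(text):
    """Classify one collected version string against the fixed release."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # treat as needing follow-up, never as patched
    # Tuples of ints compare component by component. Comparing the raw
    # strings would rank "72.0.3626.99" above "72.0.3626.121".
    return "patched" if version >= FIXED else "vulnerable"


def audit(inventory):
    """Group host names by patch status."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for host, output in sorted(inventory.items()):
        report[classify(output)].append(host)
    return report


# Constructed inventory: host name -> collected version string.
INVENTORY = {
    "ws-01": "Google Chrome 72.0.3626.121 ",
    "ws-02": "Google Chrome 72.0.3626.119",
    "ws-03": "Google Chrome 72.0.3626.99",
    "ws-04": "Google Chrome 73.0.3683.75",
    "ws-05": "google-chrome: command not found",
}

if __name__ == "__main__":
    for status, hosts in audit(INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as `unknown` returned no parseable version and need a manual check.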