Google releases fix for zero-day exploit in Chrome

Updated versions of Chrome have also been released for Android and Chrome OS.

As for the exploitable bug itself, Chrome has chosen to keep the details under wraps so that the majority of users update their browsers before the flaw is made public.

The latest version fixes a security vulnerability (CVE-2019-5786) that can potentially be exploited by malicious webpages to hijack the software and run spyware, ransomware, and other nasties on your device or machine.

Users of Google's Chrome browser have been advised to update it as a matter of urgency following the discovery of a "high severity" zero-day flaw that's being actively exploited.

Meanwhile, for Android users, Google said that an update with a fix for CVE-2019-5786 will be available through the Google Play store. The vulnerability, tracked as CVE-2019-5786, is said to be a use-after-free flaw in the browser's FileReader application programming interface, an API created to allow the browser to access and read locally stored files.

Google revealed today that a Chrome zero-day the company patched last week was actually used together with a second one, a zero-day impacting the Microsoft Windows 7 operating system.

"Google is aware of reports that an exploit for CVE-2019-5786 exists in the wild", the web giant said. The security flaw is a memory management issue in Chrome's FileReader which gives hackers the opportunity to inject and execute malicious code. Just going to that page will trigger an update check, and Chrome will prompt you to relaunch it when finished. If this isn't your version, you can manually start a download.

What Biehn is referencing is that Google Chrome is designed to update automatically, with users rarely if ever noticing.
