Chrome Zero-Day Vulnerability Found to Be Already Under Exploitation

  • High-severity Chrome vulnerability discovered by Google, but attackers reportedly discovered it first.
  • The vulnerability allows for arbitrary code execution and remote escalation of privilege on the victim’s system.
  • All Chrome users are urged to update to the latest available stable version as soon as possible.

If you’re using the Chrome browser, you should immediately update to version 72.0.3626.121 or later. The reason for this urgency is that Google’s Threat Analysis Group has discovered a high-severity vulnerability that allows a remote attacker to take full control of the targeted system through Chrome, via arbitrary code execution. The particular vulnerability (CVE-2019-5786: Use-after-free in FileReader) affects all Chrome versions previous to the one mentioned above, on all three major operating systems (Windows, macOS, Linux). The CVE entry is marked as “RESERVED” right now, so no technical details have been disclosed yet, as people should be allowed some time to update to the latest and safest version.

Unfortunately, Google’s security engineers have admitted that exploitation of the particular vulnerability has already been observed in the wild, as this was reported to them by multiple independent security researchers. As the official announcement notes: “Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”

FileReader is one of Chrome’s API components that links web applications with the computer’s memory, allowing them to read data there. As it seems, some form of a memory corruption bug enables custom-crafted web applications to write data to the memory as well, resulting in a scary escalation of privileges by a remote attacker. Chrome is only serving as the vehicle for the hacker to launch an attack against the system, and the whole process could be as simple as opening a malicious website. As no actual details have been released yet, the above is just a rough guess of how the exploitation could generally be working.

Right now, the important part is to update to the latest version and do so immediately. Using the latest versions of your “daily drive” applications is crucial in staying safe against all kinds of threats. Zero-day vulnerabilities like the above are the scariest of them all, and the fact that attackers have been exploiting it for a currently unknown period of time proves that there’s always the chance of something serious going unnoticed by software vendors for a long time.
