Google Chrome Browser Vulnerable To Huge Zero-Day Security Exploit, Update Now

If you are reading this, there is a good chance you are doing so on a Chrome browser, based on the available market share data. And if that is the case, do yourself a solid and update Chrome, "like right this minute." That suggestion is not coming directly from us, but from Justin Schuh, Google Chrome's security boss and engineering director.

Schuh made the suggestion on Twitter, where he pointed to a recent update to Chrome's Stable Channel for desktop systems. He is sounding the alarm because the latest update to Chrome mitigates a zero-day security hole labeled CVE-2019-5786. The exact details of the zero-day vulnerability have not yet been disclosed, but it's presumably a big deal.
"Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed," Google stated in a recent and related security notice.

CVE-2019-5786 is labeled as a "High" level security threat. Google also says it is aware of the vulnerability being actively exploited in the wild. Because it is not just a proof of concept bug, it is imperative that Chrome users patch their browser to the latest version, in order to stay protected from this threat.

While details are limited, it appears to be an issue with memory management as it relates to a part of Chrome called FileReader, which allows developers to issue pop-up menus.

Chrome updates itself automatically, though if you leave your PC and browser running all the time, you may see a little green icon alerting you that a browser restart is required to apply the update. Or you might already be patched. Either way, you can check for updates by clicking on the three vertical dots in the browser's upper-right corner and navigating to Help > About Google Chrome. As of this writing, the latest Stable build is 72.0.3626.121.
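
For checking many machines at once instead of opening Help > About on each, the following added example (not from the article or from Google) classifies reported version strings against the 72.0.3626.121 build named above. It assumes any lower build lacks the fix; the host names and version strings are constructed sample data.

```python
import re

# Patched Stable build named in the article. Assumption: any lower build lacks the fix.
FIXED_BUILD = (72, 0, 3626, 121)
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_chrome_version(text):
    """Return the MAJOR.MINOR.BUILD.PATCH number in text as a tuple of ints, or None."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(text, fixed=FIXED_BUILD):
    """Return 'patched', 'update' or 'unknown' for one reported version string."""
    version = parse_chrome_version(text)
    if version is None:
        return "unknown"  # no usable version: check the machine by hand
    # Compare as integer tuples. Comparing the raw strings would rank
    # "72.0.3626.96" above "72.0.3626.121" because "9" sorts after "1".
    return "patched" if version >= fixed else "update"


def triage(inventory):
    """Map each host to its classification."""
    return {host: classify(reported) for host, reported in inventory.items()}


# Constructed sample inventory: hypothetical host names and version strings in
# the forms printed by `google-chrome --version` and the About page.
SAMPLE_INVENTORY = {
    "desk-01": "Google Chrome 72.0.3626.121 ",
    "desk-02": "Google Chrome 72.0.3626.96 ",
    "desk-03": "Version 71.0.3578.98 (Official Build) (64-bit)",
    "desk-04": "Google Chrome 73.0.3683.39 beta",
    "desk-05": "command not found",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```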