
Google Chrome Update Patches Zero-Day actively exploited in the wild



Google updated its release announcement for Chrome browser version 72.0.3626.121 with a warning that the zero-day patched in the release is being actively exploited in the wild.

After first publishing the 72.0.3626.121 update on March 1 without mentioning that the security flaw was being abused, the Chrome team changed the announcement to add exploitation information, stating that “Google is aware of reports that an exploit for CVE-2019-5786 exists in the wild.”

The vulnerability, tracked as CVE-2019-5786 and given a severity rating by the Google Chrome team, is a use-after-free error in the browser’s FileReader API, an API designed to allow the browser to access and read locally stored files.

Potential attackers can use malicious web pages designed to use previously freed memory on a visitor’s computer via the Chrome FileReader API to execute arbitrary code and take over the device or trigger a denial-of-service condition.

 Google Chrome 72.0.3626.121

Although successfully exploiting a vulnerable Chrome installation can lead to very serious consequences such as data erasure and malware infections, it is also important to understand that attackers can only run code in the context of the user’s browser.

This being the case, users logged in with restricted-rights accounts are less affected, because attackers would have fewer and more limited tools at their disposal to abuse a machine they have successfully compromised.

In any case, the word of the day is “update”. Update your Google Chrome browser to the latest version, 72.0.3626.121, as all previous versions are vulnerable to attacks using the CVE-2019-5786 vulnerability.

Protection Control and Prevention

Fortunately, Google Chrome should be configured by default to automatically update to the latest stable release, so most users just have to restart their browsers to be protected.

To limit the damage that zero-day vulnerabilities, such as the just-patched Chrome FileReader use-after-free, can lead to if they are successfully exploited, users should always keep their software up to date, run software or log in with a limited account, and think twice before visiting sites they do not trust or clicking on links from unknown sources.

Published by
Faela