News

Google closes vulnerability in Chrome browser that is being actively exploited

By admin
Spread the love

Google has patched a serious use-after-free vulnerability in its Chrome browser. An exploit for the zero-day vulnerability is circulating. Google recommends that users update to the latest browser version as soon as possible.

The use-after-free vulnerability resides in Chrome’s FileReader, a web API that allows sites to access files on a user’s system. Use-after-free vulnerabilities involve memory corruption bugs that can be exploited through browser attacks. With the Chrome vulnerability CVE-2019-5786, the danger is that attackers could set up a special website to access memory on a victim’s system via the FileReader API and eventually execute arbitrary code.

Google recommends that users update to Chrome version 72.0.3626.121 for Windows, Mac, Linux, and Android. Google announced those versions last Friday, stating that a single security problem had been fixed. In an update, the company clarifies that an exploit has been found in the wild and malicious parties are therefore actively targeting exploitation of the vulnerability.

Justin Schuh of the Google Chrome security team speaks of a chain of zero days that Google found, potentially making it a combined exploit, such as escaping Chrome’s sandbox, which would increase the severity of potential attacks. Schuh advises to be updated immediately.

You might also like
News

Rumor: Apple is working on its own applications based on a large language model

News

EU Council determines position on security requirements for digital products

News

Samsung develops first GDDR7 chips, mentions bandwidths of up to 32Gbit/s per pin

News

Meta introduces open source language model Llama 2, works on PCs and phones

News

Nvidia releases GeForce RTX 4060 Ti variant with 16GB memory

News

Anticheat FaceIT gets Linux version, enables Steam Deck support