Google urged Chrome users to update the new version immediately to fix the vulnerability
Immediately after reading this article, you must remember to update your Google Chrome immediately to the latest version!
On March 6, security researcher Clement Lecigne of Google Threat Analysis Group discovered and reported a serious security vulnerability that appeared in Chrome around the end of last month, which could allow someone to arbitrary attacks execute remote code and simultaneously take complete control of targeted computers.
This vulnerability is named CVE-2019-5786, and directly affects the Chrome platform that works on all popular operating systems, from Windows, macOS, to Linux.
- Supercomputers can completely detect cyber threats
The Threat Analysis Group has yet to disclose more technical details about this vulnerability, only to announce that this is essentially a use-after-free vulnerability that appears in Chrome's FileReader component, leads to remote code execution.
So what's more disturbing here? Google has warned that this zero-day RCE is being actively exploited by attackers to target Chrome users, especially those with high-end users who don't have much knowledge of security.
'Access to details and link errors can be restricted until most Chrome users are updated with a fix. In addition, we will also maintain restrictive measures if this error still exists in a third-party library that other similar projects are dependent on. The work is being urgently deployed by Google '.
FileReader is a standard API designed to allow synchronized web applications to read the content of files (or raw data buffers) stored on a user's computer, using "File" or "Blob" to specify the file or data object to read.
- Windows 10 KB4482887 update is officially released with Specter patch
The use-after-free vulnerability is a type of memory-related error, causing the memory to be corrupted or allowing data to be modified in memory, making the user completely deprived of privileges on the system or affected software.
The use-after-free vulnerability in the FileReader component can allow non-privileged attackers to now gain important rights in the user's Chrome browser, helping them to get rid of measures. Protection from sandbox and arbitrary code execution on targeted systems.
Basically, to exploit this vulnerability, all the attacker needs to do is trick the victim into opening or redirecting to a specially designed website without any other interaction.
- Install the patch immediately for Windows Server & Windows 10 to run IIS so that it will not be attacked by DOS
Google is calling all its users to update immediately to the latest version of Google Chrome 72.0.3626.121, released on March 1, 2019 for Windows, Mac and Linux operating systems. Google also mentioned that, manually updating Chrome, the patch is now available to all users.
You should read it
- Google Chrome again urgently updates to patch serious security holes
- Google Chrome has a serious zero-day error, and hackers can execute malicious code at its fullest
- Google Chrome has a function to warn users about MitM attacks
- Microsoft warns of Windows BlueKeep attacks
- Google launched Chrome 33, patched 7 new security bugs
- ProFTPD remote code execution vulnerability affects more than 1 million servers worldwide
- Google found 7 security bugs on the famous network software Dnsmasq
- The unsafe 'feature' on UC Browser allows hackers to take control of Android phones remotely
- Detects code execution vulnerabilities in WinRAR, noting more than 100 infringement cases
- The security flaw threatens more than 2 billion Google Chrome users
- Google released Google Chrome 26
- Chrome and Firefox have a serious security flaw, there is no way to fix it
Maybe you are interested
The game 'Dead Dinosaur' on Google Chrome is beautifully 3Dized, please experience it
Google uses AI to detect scams right on Chrome
How to Stop Chrome from Sending Crash Reports on Phone, PC
Troubleshooting Chromebook Not Charging
Chromebooks Can Go Android: Here Are 4 Features Everyone Wants on an Android Laptop!
How to turn off automatic opening of PDF files after downloading on Chrome