Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Sunday March 10 2019, @08:31AM   Printer-friendly
from the tarnished-chrome dept.

Submitted via IRC for SoyCow1984

New Google Chrome Zero-Day Vulnerability Found Actively Exploited in the Wild

You must update your Google Chrome immediately to the latest version of the web browsing application.

Security researcher Clement Lecigne of Google's Threat Analysis Group discovered and reported a high severity vulnerability in Chrome late last month that could allow remote attackers to execute arbitrary code and take full control of the computers.

The vulnerability, assigned as CVE-2019-5786, affects the web browsing software for all major operating systems including Microsoft Windows, Apple macOS, and Linux.

Without revealing technical details of the vulnerability, the Chrome security team only says the issue is a use-after-free vulnerability in the FileReader component of the Chrome browser, which leads to remote code execution attacks.

What's more worrisome? Google warned that this zero-day RCE vulnerability is actively being exploited in the wild by attackers to target Chrome users.

[...] The patch for the security vulnerability has already been rolled out to its users in a stable Chrome update 72.0.3626.121 for Windows, Mac, and Linux operating systems, which users may have already receive or will soon receive in coming days.

So, make sure your system is running the updated version of the Chrome web browser.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by Rosco P. Coltrane on Sunday March 10 2019, @10:38AM (2 children)

    by Rosco P. Coltrane (4757) on Sunday March 10 2019, @10:38AM (#812268)

    is all about making it as easy as possible to expose your internals (what is on your machine) to the internet

    No no, not just your machine's. Google knows all about your internals; they know you're about to ovulate, they know you might have the flu, they know you're not happy with your job, which causes you to have diarrhea on monday mornings, they know you're cheating on your taxes, and a whole host of other things...

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 0) by Anonymous Coward on Sunday March 10 2019, @04:07PM (1 child)

    by Anonymous Coward on Sunday March 10 2019, @04:07PM (#812318)

    They don't actually know, they're convinced that they know because they're convined that their self-weighting PRNG ("AI") is infallible. The same way they believe stuff lind in-process sandboxing is a good idea (which requires ring0 access to be done correctly, ring0 access for a web browser).

    • (Score: 2) by PiMuNu on Monday March 11 2019, @12:35PM

      by PiMuNu (3823) on Monday March 11 2019, @12:35PM (#812646)

      ... and they are willing to sell their (lack of) knowledge to advertising, credit ratings agencies, and a whole host of bad actors.