Newly Discovered Zero-Day Vulnerability Found in Google Chrome
In order to stay secure using Google Chrome, you need to update your browser immediately. There is a security vulnerability in the FileReader component of Chrome that could allow remote attacker to access memory and execute code to take unauthorized control of your machine.
Here’s the official notice from Google:
“The stable channel has been updated to 72.0.3626.121 for Windows, Mac, and Linux, which will roll out over the coming days/weeks.
Security Fixes and Rewards
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed. (Updated 2019-03-05 to add reporter and exploitation information)
This update includes 1 security fix. Please see the Chrome Security Page for more information. Google is aware of reports that an exploit for CVE-2019-5786 exists in the wild. We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel. A list of all changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.”
What is a zero-day vulnerability?
“A zero-day vulnerability is a software security flaw that is known to the software vendor but doesn’t have a patch in place to fix the flaw. It has the potential to be exploited by cybercriminals.”
How do I fix it?
Luckily, there’s a fix available for it that’s applied by simply updating your version of Google Chrome. To update your Google Chrome browser, go to the menu (3 vertical dots), navigate to Help > About Google Chrome.
When you launch this, the browser should check for updates and automatically update.
If you have any questions about this or anything cyber security or technology, please reach out to SandStorm IT at 901-475-0275.