A security flaw in Google Chrome was under active attack last week. The vulnerability exploit CVE-2019-5786, is a memory management issue in Chrome’s FileReader which can allow hackers to inject and execute malicious code.
Google’s most recent update to chrome, Chrome 72.0.3626.121 version, released on March 1, 2019, includes only a single patch which addresses the issue and Google is urging everyone to update immediately.
For those who don’t know, FileReader is a system present in almost all the modern browsers and lets web apps read the contents of files stored on the user’s computer. According to Chaouki Bekrar, CEO of Zerodium, the vulnerability allows malicious code to escape Chrome’s security sandbox and run commands on the underlying OS.
Google has advised users to manually trigger the Chrome update by going to About Google Chrome under the Chrome settings. Google has said that the latest version of Chrome available right now is 72.0.3626.121 and users are advised to download the patch as soon as possible.