Google Chrome Update Patches Zero-Day Actively Exploited in the Wild

More from: | Bleeping Computer |
0

Google updated the release announcement for the Chrome web browser version 72.0.3626.121 with a warning that the 0day patched in the release is being actively exploited in the wild.

After initially publishing the 72.0.3626.121 update on March 1 with no mentions of the security flaw being abused, the Chrome team modified the announcement with exploitation information for the vulnerability stating that “Google is aware of reports that an exploit for CVE-2019-5786 exists in the wild.”

The security issue tracked as CVE-2019-5786 and rated by the Google Chrome team as high severity is a use-after-free flaw in the browser’s FileReader API, an API designed to allow the browser to access and read locally stored files.

Potential attackers can employ maliciously crafted web pages designed to allow

(...)

Read full article » https://www.bleepingcomputer.com/news/security/google-chrome-update-patches-zero-day-actively-exploited-in-the-wild/


About | Bleeping Computer |

Bleeping Computer® is a technical support site and a self-education tool for the novice user to learn basic concepts about Computer Technology. Our focus is to allow the novice computer user to be able to have a place that they can come and discuss computer/technology problems with their peers and at the same time have a rich resource in which to learn the "basics" about computers and technology.

We have found, with our extensive experience in helping users, whether they be family, friends, coworkers, or clients, that most technical support problems lie not with the computer, but with the fact that the user does not know the "basic concepts" that underlie all issues of computing. These concepts include hardware, files and folders, operating systems, Internet, and applications.

»Twitter: @BleepinComputer »Facebook: @BleepingComputer »YouTube: BleepingComputer