Update Chrome to fix this critical zero-day vulnerability

07 Mar 2019

Update Google Chrome: Critical zero-day bug discovered

Google's security team has warned about a major vulnerability in Chrome, calling on users to update their browsers immediately.

The vulnerability, which has been classified as a zero-day flaw, affects old versions of the browser and already appears to be under attack in the wild.

So, if not updated, your browser will be at risk.

Here's more on the issue and its fix.

Issue

What is this 'zero-day' vulnerability

A zero-day vulnerability is a security flaw that a developer fails to detect, and address, until it goes public.

In this particular case, CVE-2019-5786, discovered by Clement Lecigne of Google's Threat Analysis Group, is Chrome's zero-day.

It has been described as an issue of 'high' severity, but Google has not given specific details of the attack or its impact.

Vulnerability probably deals with FileReader API

Google said CVE-2019-5786 deals with 'Use-after-free' in FileReader. This indicates the issue revolves around the FileReader API, which is responsible for letting web apps read local computer data. Also note that, at worst, the 'use-after-free' category of bugs allows for the execution of malicious code.

Plus, the flaw is already under attack

Google has kept the exact details under wraps to prevent the bug from being exploited before most users move to the latest version.

"Access to bug details and links may be kept restricted until a majority of users are updated with a fix," the company said in a blog post.

It even claimed that some reports suggest an exploit for this bug already exists.

Update

Update available for all major platforms

Having said that, it is highly recommended to update Google Chrome on all the platforms you use.

The update for Windows, Mac, and Linux comes with version 72.0.3626.121 and has been available since Friday; head to chrome://settings/help to start the download manually.

Notably, a patch for Chrome OS and Android users has also been released over the last few days.

Even Chrome's principal engineer has called on users to update

Most asked questions

Is this bug critical?

Asked 2019-03-07 20:26:35 by Ankita Dutta

Answered by NewsBytes

The bug has been classified as an issue of high severity.

Should iOS users also update?

Asked 2019-03-07 20:26:35 by Ridhi Venkatesan

Answered by NewsBytes

It is not clear if the issue affects iOS users, but there's nothing wrong in updating the browser to the latest version.

Are there any other flaws in Chrome?

Asked 2019-03-07 20:26:35 by Sanvi Saxena

Answered by NewsBytes

No, this appears to be the only major flaw at this stage.

Does this update add any features?

Asked 2019-03-07 20:26:35 by Ananya Sharma

Answered by NewsBytes

No, it is an incremental update with a major security fix.
