Update Your Browser ‘Like Right This Minute,’ Warns Google Chrome Security Chief

Ajustar Comentario Impresión

Google's latest update for the Chrome browser is able to fix this security flaw from the browser automatically.

Google has revealed that there is a zero-day vulnerability in its browser which attackers are actively exploiting, Engadget reported.

The CEO of Zerodium, Chaouki Bekrar, says that CVE-2019-5786 is exclusively responsible for the malicious code to break free from Chrome's security sandbox, after which it is easy for the code to execute commands on the underlying OS. Google maintains access to bug details "restricted" so that the flaw can not be exploited.

Most users who saw the company's release didn't think too much about a run-of-the-mill Chrome update, which Google provides on a regular basis, sometimes for the smallest of bugs.

If you still run an older version of Windows, the recommendation is to upgrade to Windows 10 and keep it updated with the newest patches. That said, it is still recommended to see if the browser has indeed updated itself and that the version shown is 72.0.3626.121.

A zero-day or 0day vulnerability is a bug or flaw in a code that has been discovered and disclosed but not yet patched.

Google said CVE-2019-5786 deals with "Use-after-free" in FileReader.

If you are reading this, there is a good chance you are doing so on a Chrome browser, based on the available market share data. The vulnerability CVE-2019-5786 was first spotted on February 27 by Google's Threat Analysis Group member.

If it is just a plugin, Chrome is actually smart enough that it could silently update the plugin behind the scenes without any user intervention.

You can download Opera for Windows, Linux, and macOS using these links, and given all of the above, you should make sure that you're running the latest release as soon as possible. And another Chromium-powered browser, Vivaldi, issued an updated version on March 4 to squash the bug, so evidently was affected as well.

Google's security team has warned about a major vulnerability in Chrome, calling on users to update their browsers immediately.