Google Patches Zero-Day Flaw in Chrome Under Active Attacks

Advertisement
By Gadgets 360 Staff | Updated: 6 March 2019 18:02 IST
Highlights
  • The zero day flaw was reported by Google’s Clement Lecigne
  • There have been reports of attackers exploiting the flaw in the wild
  • The flaw is said to be a memory management error in FileReader API

Chrome 72.0.3626.121 update is now available for Windows, Mac, and Linux

Google has announced that an update released to Chrome stable channel - version 72.0.3626.121 - last week was in fact a patch for a zero-day flaw that is being exploited in the wild. The company's original changelog was intentionally missing any information about the vulnerability as the company was waiting for the users to apply the update. In a revised announcement on Tuesday, the company noted that the Chrome 72.0.3626.121 update included a fix for a high-priority vulnerability CVE-2019-5786 that was reported by Clement Lecigne of Google's Threat Analysis Group in February-end.

“Google is aware of reports that an exploit for CVE-2019-5786 exists in the wild,” Abdul Syed from Google Chrome team wrote in a blog post. “We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.”

Advertisement

According to a threat advisory, CVE-2019-5786 vulnerability exist due to a use-after-free condition in Google Chrome's FileReader, which is an API that allows the web apps to access the files stored on your computer. Basically, the vulnerability is said to let malicious code escape Chrome's security sandbox, allowing an attacker to run malicious code on the victim's machine. Depending on the privileges given to Chrome, the attacker could install programs; view, change, or delete data; or create new accounts.

It is recommended that all users immediately update the Chrome Web browser on their computer and make sure that they run Chrome without admin rights.

Advertisement

The risk assessment of the vulnerability is said to be high for the government institutions and businesses, whereas the risk of an attacker exploiting the vulnerability is low for the home users.

 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Further reading: Google Chrome, Chrome
Advertisement

Related Stories

Popular Mobile Brands
  1. Nvidia's GeForce Now Cloud Gaming Service Is Finally Available in India
  2. Samsung Teases Next-Gen Galaxy Watch Health Features Ahead of Launch
  3. OnePlus Is Reportedly Preparing to Withdraw From These Two Markets
  4. Google Pixel 11 Series Gets Listed on the US FCC Database Ahead of Its Debut
  5. StepFun Unveils StepX Neo as World's First Agentic Smartphone
  1. Realme C100x India Launch Date Announced; Leaked Image of Retail Box Hints at Price in India
  2. Samsung Touts AI-Powered Health Tracking, Longer Battery Life on Next Galaxy Watch Models
  3. Nothing Phone (4b) With 6,000mAh Battery, Glyph Bar Goes on Sale in India: Price, Offers
  4. Bitcoin Holds Near $62,500 as Crypto Investors Remain Cautious Ahead of US Inflation Data
  5. Google Pixel 11, Pixel 11 Pro and Pixel 11 Pro XL Visit the US FCC Database a Month Ahead of Their Debut
  6. WhatsApp Might Soon Let iPhone Users Back Up Chats Without Using iCloud Storage
  7. Nvidia's GeForce Now Cloud Gaming Service Launched in India With Up to 5K Gaming Support: Prices, Benefits
  8. Microsoft Finally Gives Windows 11 Search a Major Cleanup; Promises Better App Discovery, Less Cluttered UI
  9. Apple’s Lawsuit Claims OpenAI Hired Over 400 Former Employees, Could Disrupt AI Firm's Plans to Launch Consumer Hardware
  10. AI Could Drive Mass Job Displacement and Transform Economies, Economists and 16 Nobel Laureates Warn
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.