Google has urged all its users to immediately update to the latest version of Google Chrome after a critical vulnerability was discovered. The vulnerability exploits CVE-2019-5786, a security flaw and the only patch included in the Chrome 72.0.3626.121 version, released on March 1, 2019.
Google has described the vulnerability as a memory management issue in Chrome’s FileReader which can allow hackers to inject and execute malicious code. For those who don’t know, FileReader is a system present in almost all the modern browsers and lets web apps read the contents of files stored on the user’s computer. According to Chaouki Bekrar, CEO of Zerodium, the vulnerability allows malicious code to escape Chrome’s security sandbox and run commands on the underlying OS.
Google has advised users to manually trigger the Chrome update by going to About Google Chrome under the Chrome settings. Google has said that the latest version of Chrome available right now is 72.0.3626.121 and users are advised to download the patch as soon as possible.
Via: Naked Security