Zero - Day Vulnerability Found

Clement Lecigne who works for Google’s Threat Analysis Group and is a Security researcher there reported a high severity vulnerability in Chrome recently.  This vulnerability allows remote attackers to execute arbitrary code and take complete control of the computer.   

This vulnerability affects all major operating systems’ web browsing software; Apple mac OS, Linux, and Microsoft Windows.  

You must immediately update your Google Chrome to the latest web browsing application.

This vulnerability is being actively used

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” the Chrome security team notes. “We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”

The issue is a use-after-free vulnerability in the FileReader component of the Chrome browser, which leads to remote code execution attacks.  It is a class of memory corruption bug that allows the data in memory to be corrupted or modified.  This allows the attacker to escalate their own privileges on the affected system or software.  

Once privileges are gained they can escape sandbox protections and run arbitrary code on the targeted system.

All an attacker needs to do is trick users into opening, or redirecting them to, a specially-crafted webpage.

The patch for the security vulnerability is Chrome update 72.0.3626.121 for Windows, Mac, and Linux operating systems, which users may have already received or will soon receive in coming days.

 

 

Let us help you keep things up to date.

Why not give our Essential packages a look!  We have exactly what every type of business needs.  

Close Menu