Latest Chrome update plugs a zero-day hole2019-03-07 17:15 by Daniela
Tags: Chrome, vulnerability
A critical security flaw inside Chrome is being used by hackers and could allow them to break into people's computers. The bug is already being exploited.
Google described the security flaw as a memory management error in Google Chrome's FileReader - a web API included in all major browsers that lets web apps read the contents of files stored on the user's computer.
More specifically, the bug is a use-after-free vulnerability, a type of memory error that happens when an app tries to access memory after it has been freed/deleted from Chrome's allocated memory. An incorrect handling of this type of memory access operation can lead to the execution of malicious code.
The vulnerability (CVE-2019-5786) affects Windows, Linux, Android, ChromeOS, and macOS builds of Chrome. A fix for the flaw has been shipped with the latest desktop (Windows, Mac, Linux) and Android Chrome versions, as well as that for Chrome OS. Desktop Chrome users are urged to upgrade to v72.0.3626.121, Android users to v72.0.3626.121, and Chrome OS users to v72.0.3626.122.
Read more -here-