Vulnerabilities in Internet browsers aren't rare. As a matter of fact, the major and minor updates released every now and then include security patches and fixes of some sort. An update fixes a known flaw, and at the same time attackers start looking for new, undiscovered flaws to exploit. Thankfully, there are good guys out there too, who use their extensive research to identify and secure vulnerabilities.
One such vulnerability was reported by Clement Lecigne in February, and last week Google announced an update to resolve it. This vulnerability was a zero-day known as CVE-2019-5786. It has been exploited in the wild and could affect users.
Last week we got to deal with a real 0day chain and a faux 0day at the same time. I wonder which one will get more attention? 🤔 https://t.co/DfeyoB7geY— Justin Schuh 🗑 (@justinschuh) March 6, 2019
Before you panic, let's look at what the CVE-2019-5786 flaw is and how to fix it.
Fix: Update your Google Chrome
What is CVE-2019-5786 flaw?
CVE-2019-5786 is a high-priority vulnerability that exists due to a use-after-free condition in Google Chrome's FileReader, an API that allows web apps to access files stored on your computer. It is said that the CVE-2019-5786 vulnerability lets malicious code escape Chrome's security sandbox, allowing cybercriminals to run malicious code on the victim's machine.
Furthermore, depending on the permissions the user has granted to Chrome, the threat actor can install programs; view, change or delete data; or create new accounts. This puts the user's security and privacy at risk. Moreover, all major operating systems, such as Windows, macOS, Linux, and Android, are affected.
How does this zero-day Google Chrome vulnerability work?
This zero-day vulnerability can be used to take control of the user's desktop and execute arbitrary code. CVE-2019-5786 affects an API called FileReader, whose function is to allow the browser to read files. To exploit this vulnerability, cybercriminals trick the victim and direct them to a malicious address designed by the attackers.
What is the risk assessment of the vulnerability?
For businesses and government institutions the risk is high, while for home users the risk is lower.
How to fix CVE-2019-5786?
To stay safe, it is highly recommended that users update the Chrome web browser. To update, click the vertical three-dots menu at the top right. Next, select Help > About Chrome. Here you will see the current version of Google Chrome; it should be 72.0.3626.121. If you are running a lower version, click the “check for updates” button. Relaunch the browser to install the update.
Plus, to stay safe, it is advisable to run Google Chrome without admin rights.
Once you update your Chrome browser to the latest version, you will be safe from the CVE-2019-5786 flaw.
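For anyone checking many machines rather than one, the comparison against 72.0.3626.121 has to be numeric per component, because a plain string comparison ranks "9.x" above "72.x". The following is an added example, not part of the original article: the function names, host names and reported version strings are constructed for illustration.

```python
import re

# Fixed version named in the article's update steps.
PATCHED = (72, 0, 3626, 121)

# Chrome versions have four dot-separated numeric components.
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the four-part version found in text as a tuple of ints, or None."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def needs_update(text):
    """True if the version is below PATCHED, False if not, None if unparseable."""
    version = parse_version(text)
    if version is None:
        return None
    return version < PATCHED  # tuple comparison is numeric, component by component


def audit(inventory):
    """Map each host to 'update', 'ok' or 'unknown' based on its reported version."""
    result = {}
    for host, reported in inventory.items():
        state = needs_update(reported)
        result[host] = "unknown" if state is None else ("update" if state else "ok")
    return result


# Constructed sample inventory (hypothetical hosts and reported strings).
SAMPLE = {
    "ws-01": "Google Chrome 72.0.3626.119",
    "ws-02": "Google Chrome 72.0.3626.121",
    "ws-03": "Google Chrome 9.0.597.98",  # a string compare would rank this as newer
    "ws-04": "Google Chrome 73.0.3683.75",
    "ws-05": "not installed",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" should be checked by hand rather than assumed to be patched.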
If you want to stay safe, remember the rule of thumb: never overlook security updates. Software updates are released to fix security loopholes that attackers can exploit to make you a victim.