Published: Fri, March 08, 2019
IT | By Emmett Cole

Google releases fix for zero-day exploit in Chrome

This means that if your Google Chrome version is the one seen in the image above, it is not recent enough to benefit from the latest fix.

As for this exploitable bug, Chrome has chosen to keep the details under wraps to make sure that the majority of users update their browsers before the flaw is made public. You will then need to relaunch Chrome by clicking the button. While that specific exploit combination won't be effective against Chrome users who are running the latest browser version, the Windows exploit could still be used against people running older versions of Windows.

The exploit targets a security flaw tracked as CVE-2019-5786.

If you are reading this, there is a good chance you are doing so on a Chrome browser, based on the available market share data.

Chaouki Bekrar, CEO of exploit vendor Zerodium, stated that the vulnerability allowed malicious code to get past Chrome's security sandbox, allowing hackers to run commands on the user's operating system.

Schuh made the suggestion on Twitter, in which he pointed to a recent update to Chrome's Stable Channel for desktop systems.

But when the browser code needs to be refreshed, the change takes effect after a restart, done manually in most cases.

If they haven't already, desktop Chrome users are urged to upgrade to v72.0.3626.121, Android users to v72.0.3626.121, and Chrome OS users to v72.0.3626.122.
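An added example, not from the article or from Google, showing how the two points above combine in a fleet check: a host counts as patched only when the running Chrome process is at the fixed build, and a host whose updated build is on disk but not yet relaunched is reported separately. The inventory format, host names and status labels are assumptions made for illustration; the fixed builds are the ones quoted above.

```python
# Fixed builds as quoted in the article, keyed by platform.
FIXED = {
    "desktop": (72, 0, 3626, 121),
    "android": (72, 0, 3626, 121),
    "chromeos": (72, 0, 3626, 122),
}

def parse_version(text):
    """Turn '72.0.3626.121' into a tuple of four ints; ValueError if malformed."""
    parts = text.strip().lstrip("v").split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a Chrome version: {text!r}")
    return tuple(int(p) for p in parts)

def classify(platform, installed, running):
    """Return 'patched', 'needs-relaunch', 'needs-update' or 'unknown'."""
    fixed = FIXED.get(platform.lower())
    if fixed is None:
        return "unknown"
    try:
        inst, run = parse_version(installed), parse_version(running)
    except ValueError:
        return "unknown"
    if run >= fixed:        # numeric tuple compare, so .9 sorts below .121
        return "patched"
    if inst >= fixed:       # update downloaded, old code still running
        return "needs-relaunch"
    return "needs-update"

# Constructed sample inventory (hypothetical format):
# host, platform, version on disk, version of the running process
SAMPLE = """\
ws-01,desktop,72.0.3626.121,72.0.3626.121
ws-02,desktop,72.0.3626.121,72.0.3626.119
ws-03,desktop,71.0.3578.98,71.0.3578.98
cb-01,chromeos,72.0.3626.121,72.0.3626.121
ph-01,android,72.0.3626.121,72.0.3626.121
ws-04,desktop,72.0.3626.9,72.0.3626.9
"""

def audit(inventory):
    """Map each host in the inventory text to its patch status."""
    results = {}
    for line in inventory.splitlines():
        host, platform, installed, running = line.split(",")
        results[host] = classify(platform, installed, running)
    return results

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```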

What Biehn is referencing is that Google Chrome is designed to update automatically, with users rarely if ever noticing.

"Google is aware of reports that an exploit for CVE-2019-5786 exists in the wild", Google notes in the updated Chrome releases blog.
