Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.misc > #17523 > unrolled thread
| Started by | RS Wood <rsw@therandymon.com> |
|---|---|
| First post | 2019-03-10 20:44 -0400 |
| Last post | 2019-03-11 10:20 +0200 |
| Articles | 4 — 4 participants |
Back to article view | Back to comp.misc
Active Google Chrome exploit RS Wood <rsw@therandymon.com> - 2019-03-10 20:44 -0400
Re: Active Google Chrome exploit Roger Blake <rogblake@iname.invalid> - 2019-03-11 03:50 +0000
Re: Active Google Chrome exploit Computer Nerd Kev <not@telling.you.invalid> - 2019-03-11 06:04 +0000
Re: Active Google Chrome exploit Anssi Saari <as@sci.fi> - 2019-03-11 10:20 +0200
| From | RS Wood <rsw@therandymon.com> |
|---|---|
| Date | 2019-03-10 20:44 -0400 |
| Subject | Active Google Chrome exploit |
| Message-ID | <tjnglf-blp.ln1@rasp.therandymon.com> |
From the «this post sponsored by Brave, the browser» department: Title: New Google Chrome Zero-Day Vulnerability Found Actively Exploited in the Wild Author: Fnord666 Date: Sun, 10 Mar 2019 05:31:00 -0400 Link: https://soylentnews.org/article.pl?sid=19/03/09/1638200&from=rss upstart[1] writes: Submitted via IRC for SoyCow1984 New Google Chrome Zero-Day Vulnerability Found Actively Exploited in the Wild[2] You must update your Google Chrome immediately to the latest version of the web browsing application. Security researcher Clement Lecigne of Google's Threat Analysis Group discovered and reported a high severity vulnerability in Chrome late last month that could allow remote attackers to execute arbitrary code and take full control of the computers. The vulnerability, assigned as CVE-2019-5786[3], affects the web browsing software for all major operating systems including Microsoft Windows, Apple macOS, and Linux. Without revealing technical details of the vulnerability, the Chrome security team only says the issue is a use-after-free vulnerability in the FileReader component of the Chrome browser, which leads to remote code execution attacks. What's more worrisome? Google warned that this zero-day RCE vulnerability is actively being exploited in the wild by attackers to target Chrome users. [...] The patch for the security vulnerability has already been rolled out to its users in a stable Chrome update 72.0.3626.121 for Windows, Mac, and Linux operating systems, which users may have already receive or will soon receive in coming days. So, make sure your system is running the updated version of the Chrome web browser. ------------------------------------------------------------------------------ Original Submission[4] Read more of this story[5] at SoylentNews. Links: [1]: http://soylentnews.org/~upstart/ (link) [2]: https://thehackernews.com/2019/03/update-google-chrome-hack.html (link) [3]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5786 (link) [4]: http://soylentnews.org/submit.pl?op=viewsub&subid=32168 (link) [5]: https://soylentnews.org/article.pl?sid=19/03/09/1638200&from=rss (link)
[toc] | [next] | [standalone]
| From | Roger Blake <rogblake@iname.invalid> |
|---|---|
| Date | 2019-03-11 03:50 +0000 |
| Message-ID | <20190310234841@news.eternal-september.org> |
| In reply to | #17523 |
On 2019-03-11, RS Wood <rsw@therandymon.com> wrote: > New Google Chrome Zero-Day Vulnerability Found Actively Exploited in the Wild[2] > ... Another reason to use Firefox. :) (Not that it's perfect either of course. The only way to fully avoid exploits is to go back to a typewriter.) -- ----------------------------------------------------------------------------- Roger Blake (Posts from Google Groups killfiled due to excess spam.) NSA sedition and treason -- http://www.DeathToNSAthugs.com Don't talk to cops! -- http://www.DontTalkToCops.com Badges don't grant extra rights -- http://www.CopBlock.org -----------------------------------------------------------------------------
[toc] | [prev] | [next] | [standalone]
| From | Computer Nerd Kev <not@telling.you.invalid> |
|---|---|
| Date | 2019-03-11 06:04 +0000 |
| Message-ID | <q64tpp$1akv$1@gioia.aioe.org> |
| In reply to | #17528 |
Roger Blake <rogblake@iname.invalid> wrote: > On 2019-03-11, RS Wood <rsw@therandymon.com> wrote: >> New Google Chrome Zero-Day Vulnerability Found Actively Exploited in the Wild[2] >> ... > > Another reason to use Firefox. :) (Not that it's perfect either of course. > The only way to fully avoid exploits is to go back to a typewriter.) Firefox ESR security advisories can be found here: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/ Strangely still no RSS feed for that even though people have complained about it in the past. Another reason to prefer simple, lightweight web browsers if you look at how many of the vulnerabilities are in additional libraries and functions besides basic HTML downloading and viewing. But then it's secure things like financial transactions that usually can't be done with those simple browsers, even though they support the encryption. -- __ __ #_ < |\| |< _#
[toc] | [prev] | [next] | [standalone]
| From | Anssi Saari <as@sci.fi> |
|---|---|
| Date | 2019-03-11 10:20 +0200 |
| Message-ID | <vg3zhq1960y.fsf@coffee.modeemi.fi> |
| In reply to | #17523 |
RS Wood <rsw@therandymon.com> writes: > You must update your Google Chrome immediately to the latest version of the > web browsing application. I wonder what this means for people running Chromium? Haven't found anything.
[toc] | [prev] | [standalone]
Back to top | Article view | comp.misc
csiph-web