Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > comp.misc > #17523 > unrolled thread

Active Google Chrome exploit

Started byRS Wood <rsw@therandymon.com>
First post2019-03-10 20:44 -0400
Last post2019-03-11 10:20 +0200
Articles 4 — 4 participants

Back to article view | Back to comp.misc


Contents

  Active Google Chrome exploit RS Wood  <rsw@therandymon.com> - 2019-03-10 20:44 -0400
    Re: Active Google Chrome exploit Roger Blake <rogblake@iname.invalid> - 2019-03-11 03:50 +0000
      Re: Active Google Chrome exploit Computer Nerd Kev <not@telling.you.invalid> - 2019-03-11 06:04 +0000
    Re: Active Google Chrome exploit Anssi Saari <as@sci.fi> - 2019-03-11 10:20 +0200

#17523 — Active Google Chrome exploit

FromRS Wood <rsw@therandymon.com>
Date2019-03-10 20:44 -0400
SubjectActive Google Chrome exploit
Message-ID<tjnglf-blp.ln1@rasp.therandymon.com>
From the «this post sponsored by Brave, the browser» department:
Title: New Google Chrome Zero-Day Vulnerability Found Actively Exploited in the Wild
Author: Fnord666
Date: Sun, 10 Mar 2019 05:31:00 -0400
Link: https://soylentnews.org/article.pl?sid=19/03/09/1638200&from=rss

upstart[1] writes:

Submitted via IRC for SoyCow1984

New Google Chrome Zero-Day Vulnerability Found Actively Exploited in the Wild[2]

You must update your Google Chrome immediately to the latest version of the
web browsing application.

Security researcher Clement Lecigne of Google's Threat Analysis Group
discovered and reported a high severity vulnerability in Chrome late last
month that could allow remote attackers to execute arbitrary code and take
full control of the computers.

The vulnerability, assigned as CVE-2019-5786[3], affects the web browsing
software for all major operating systems including Microsoft Windows, Apple
macOS, and Linux.

Without revealing technical details of the vulnerability, the Chrome security
team only says the issue is a use-after-free vulnerability in the FileReader
component of the Chrome browser, which leads to remote code execution
attacks.

What's more worrisome? Google warned that this zero-day RCE vulnerability is
actively being exploited in the wild by attackers to target Chrome users.

[...] The patch for the security vulnerability has already been rolled out to
its users in a stable Chrome update 72.0.3626.121 for Windows, Mac, and Linux
operating systems, which users may have already receive or will soon receive
in coming days.

So, make sure your system is running the updated version of the Chrome web
browser.

------------------------------------------------------------------------------

Original Submission[4]

Read more of this story[5] at SoylentNews.

Links:
[1]: http://soylentnews.org/~upstart/ (link)
[2]: https://thehackernews.com/2019/03/update-google-chrome-hack.html (link)
[3]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5786 (link)
[4]: http://soylentnews.org/submit.pl?op=viewsub&subid=32168 (link)
[5]: https://soylentnews.org/article.pl?sid=19/03/09/1638200&from=rss (link)

[toc] | [next] | [standalone]


#17528

FromRoger Blake <rogblake@iname.invalid>
Date2019-03-11 03:50 +0000
Message-ID<20190310234841@news.eternal-september.org>
In reply to#17523
On 2019-03-11, RS Wood <rsw@therandymon.com> wrote:
> New Google Chrome Zero-Day Vulnerability Found Actively Exploited in the Wild[2]
> ...

Another reason to use Firefox. :) (Not that it's perfect either of course.
The only way to fully avoid exploits is to go back to a typewriter.)

-- 
-----------------------------------------------------------------------------
  Roger Blake (Posts from Google Groups killfiled due to excess spam.)

  NSA sedition and treason        -- http://www.DeathToNSAthugs.com
  Don't talk to cops!             -- http://www.DontTalkToCops.com
  Badges don't grant extra rights -- http://www.CopBlock.org
-----------------------------------------------------------------------------

[toc] | [prev] | [next] | [standalone]


#17530

FromComputer Nerd Kev <not@telling.you.invalid>
Date2019-03-11 06:04 +0000
Message-ID<q64tpp$1akv$1@gioia.aioe.org>
In reply to#17528
Roger Blake <rogblake@iname.invalid> wrote:
> On 2019-03-11, RS Wood <rsw@therandymon.com> wrote:
>> New Google Chrome Zero-Day Vulnerability Found Actively Exploited in the Wild[2]
>> ...
> 
> Another reason to use Firefox. :) (Not that it's perfect either of course.
> The only way to fully avoid exploits is to go back to a typewriter.)

Firefox ESR security advisories can be found here:
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/

Strangely still no RSS feed for that even though people have
complained about it in the past.

Another reason to prefer simple, lightweight web browsers if you look
at how many of the vulnerabilities are in additional libraries and
functions besides basic HTML downloading and viewing. But then it's
secure things like financial transactions that usually can't be done
with those simple browsers, even though they support the encryption.

-- 
__          __
#_ < |\| |< _#

[toc] | [prev] | [next] | [standalone]


#17532

FromAnssi Saari <as@sci.fi>
Date2019-03-11 10:20 +0200
Message-ID<vg3zhq1960y.fsf@coffee.modeemi.fi>
In reply to#17523
RS Wood  <rsw@therandymon.com> writes:

> You must update your Google Chrome immediately to the latest version of the
> web browsing application.

I wonder what this means for people running Chromium? Haven't found
anything.

[toc] | [prev] | [standalone]


Back to top | Article view | comp.misc


csiph-web