Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > comp.misc > #17523

Active Google Chrome exploit

From RS Wood <rsw@therandymon.com>
Newsgroups comp.misc
Subject Active Google Chrome exploit
Date 2019-03-10 20:44 -0400
Organization solani.org
Message-ID <tjnglf-blp.ln1@rasp.therandymon.com> (permalink)

Show all headers | View raw


From the «this post sponsored by Brave, the browser» department:
Title: New Google Chrome Zero-Day Vulnerability Found Actively Exploited in the Wild
Author: Fnord666
Date: Sun, 10 Mar 2019 05:31:00 -0400
Link: https://soylentnews.org/article.pl?sid=19/03/09/1638200&from=rss

upstart[1] writes:

Submitted via IRC for SoyCow1984

New Google Chrome Zero-Day Vulnerability Found Actively Exploited in the Wild[2]

You must update your Google Chrome immediately to the latest version of the
web browsing application.

Security researcher Clement Lecigne of Google's Threat Analysis Group
discovered and reported a high severity vulnerability in Chrome late last
month that could allow remote attackers to execute arbitrary code and take
full control of the computers.

The vulnerability, assigned as CVE-2019-5786[3], affects the web browsing
software for all major operating systems including Microsoft Windows, Apple
macOS, and Linux.

Without revealing technical details of the vulnerability, the Chrome security
team only says the issue is a use-after-free vulnerability in the FileReader
component of the Chrome browser, which leads to remote code execution
attacks.

What's more worrisome? Google warned that this zero-day RCE vulnerability is
actively being exploited in the wild by attackers to target Chrome users.

[...] The patch for the security vulnerability has already been rolled out to
its users in a stable Chrome update 72.0.3626.121 for Windows, Mac, and Linux
operating systems, which users may have already receive or will soon receive
in coming days.

So, make sure your system is running the updated version of the Chrome web
browser.

------------------------------------------------------------------------------

Original Submission[4]

Read more of this story[5] at SoylentNews.

Links:
[1]: http://soylentnews.org/~upstart/ (link)
[2]: https://thehackernews.com/2019/03/update-google-chrome-hack.html (link)
[3]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5786 (link)
[4]: http://soylentnews.org/submit.pl?op=viewsub&subid=32168 (link)
[5]: https://soylentnews.org/article.pl?sid=19/03/09/1638200&from=rss (link)

Back to comp.misc | Previous | NextNext in thread | Find similar | Unroll thread


Thread

Active Google Chrome exploit RS Wood  <rsw@therandymon.com> - 2019-03-10 20:44 -0400
  Re: Active Google Chrome exploit Roger Blake <rogblake@iname.invalid> - 2019-03-11 03:50 +0000
    Re: Active Google Chrome exploit Computer Nerd Kev <not@telling.you.invalid> - 2019-03-11 06:04 +0000
  Re: Active Google Chrome exploit Anssi Saari <as@sci.fi> - 2019-03-11 10:20 +0200

csiph-web