Published on: 07 March 2019
Google released a security update to address a use-after-free vulnerability in the FileReader application programming interface (API) of the Google Chrome. A remote attacker could entice a user running a vulnerable browser to open a web page with specially crafted content to exploit the vulnerability.
Reports indicate that the vulnerability (CVE-2019-5786) is being exploited in the wild. Users are advised to take immediate action to patch the affected systems to mitigate the elevated risk of cyber attacks.
A successful exploitation could lead to arbitrary code execution on an affected system.
Users of affected systems should update the Google Chrome to version 72.0.3626.121 to address the issue. The update can be obtained through the auto-update mechanism or manually by visiting the "About Google Chrome" page (chrome://settings/help) . Concerned users should relaunch the Google Chrome to make the update effective.
https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop.html
https://support.google.com/chrome/answer/95414?co=GENIE.Platform%3DDesktop&oco=1
https://www.hkcert.org/my_url/en/alert/19030701
https://thehackernews.com/2019/03/update-google-chrome-hack.html?m=1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5786