Google wants you to update Chrome right now (ZERO-DAY Exploit in Chrome Browser)

TechSpot ^ | Mar 7, 2019 | Dean Pennington

[dayglored]

Bottom line: Google is urging Chrome users to update their browsers immediately after a zero-day exploit that could give hackers direct access to a user's OS has been found. The most recent version is 72.0.3626.121, and it's the version you want to be running to make sure you're safe from this exploit.

Google is urging users to update Chrome across all platforms after a critical vulnerability was discovered and patched.

The vulnerability exploits a security flaw known as CVE-2019-5786. The security flaw is a memory management issue in Chrome's FileReader which gives hackers the opportunity to inject and execute malicious code.

FileReader is a embedded program in most browsers that allows web apps to read the contents of a user's local file system. The vulnerability identified by Google allows malicious code to leave Chrome's security environment and run commands on the underlying OS.

Well-known Chrome security researcher Justin Schuh concisely addressed the urgency of this update on Twitter:

Also, seriously, update your Chrome installs... like right this minute. #PSA

— Justin Schuh (@justinschuh) March 6, 2019

Google is calling this a "zero-day" vulnerability, meaning that the bad guys figured out how to exploit it before the good guys were able to find and patch it.

The version of Chrome you should be running is 72.0.3626.121, released at the beginning of March 2019. To check your version number, type chrome://settings/help into the address bar. From there, you will be able to see your version number. Just going to that page will trigger an update check, and Chrome will prompt you to relaunch it when finished. You can also manually download the latest version of Chrome here.

Stay safe out there.

[dayglored]

> ...The bug... is a use-after-free() programming blunder...

That's a really dumb mistake to make. It's frankly disturbing that Google isn't using a good code analysis tool to catch screwups like that.

[Dalberg-Acton]

I got the update yesterday.
I saw on Suse’s page that it is unaffected by the problem.

[WildHighlander57]

chrome://settings/help

Gave “invalid site” message.

[Bob Ireland]

Why anyone would have anything to do with Google is beyond me. From their beginning they were designing ways for the ChiComs to monitor citizen's browsing... why not Americans also? Why not everyone? Why design two different systems? Cheaper to design one - and use that tracking data to sell to advertisers, to information services, to governments.

Dirty from the beginning. Hey, Eric! How about setting up a server in H3ll?

[dayglored]

> chrome://settings/help Gave “invalid site” message.

Huh, dunno. Worked for me (Chrome browser running on MacOS). Haven't tried it on my Windows box yet...

[ThunderSleeps]

Update Chrome browser - ANDROID PING!
Android Ping! If you want on or off the Android Ping List, Freepmail me.

[Bikkuri]

Chromium is the basic skeleton of Chrome, without all of the bloatware/spyware added. It is fully functional, just like Chrome.