New Google Chrome Zero-Day Vulnerability Found Actively Exploited in the Wild
(Mar 6, 2019)
Clement Lecigne, a security researcher from Google's Threat Analysis Group, discovered a high-severity vulnerability, registered as "CVE-2019-5786," in Google Chrome. The vulnerability is a use-after-free flaw in the "FileReader" component of Google Chrome, and it affects the Chrome web browser on Microsoft Windows, Apple macOS, and Linux. It could allow a remote threat actor to execute arbitrary code and obtain full control over a vulnerable machine. A threat actor could exploit the vulnerability by tricking a user into opening or accessing a specially-crafted webpage, and the vulnerability has been observed being exploited in the wild.
Recommendation: A patch for the vulnerability has already been released to users in the stable Chrome update 72.0.3626.121 for Windows, macOS, and Linux operating systems. Ensure that your Google Chrome installation is updated to the most recent version to prevent this vulnerability from being exploited. Refrain from opening webpages that appear to be illegitimate or that come from an unknown source.
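To apply the recommendation across more than one machine, the following added example (not part of the original advisory) flags hosts whose reported Chrome version is older than the fixed build 72.0.3626.121. The inventory format, hostnames, and every version string other than the fixed build are constructed for illustration.

```python
import re

# Fixed stable build named in the advisory above.
FIXED_BUILD = (72, 0, 3626, 121)

# Matches a four-part dotted version anywhere in a string (assumed input shape).
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Return the version as a tuple of four ints, or None if none is found."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(text):
    """Return 'patched', 'vulnerable' or 'unknown' for one version string."""
    version = parse_version(text)
    if version is None:
        return "unknown"
    # Tuples compare numerically per component; string comparison would not.
    return "patched" if version >= FIXED_BUILD else "vulnerable"


def audit(inventory):
    """Map each host to its status; inventory holds 'host,version text' lines."""
    report = {}
    for line in inventory:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, raw = line.partition(",")
        report[host.strip()] = classify(raw)
    return report


# Constructed sample inventory (hostnames and collected strings are made up).
SAMPLE_INVENTORY = [
    "ws-001,Google Chrome 72.0.3626.121",
    "ws-002,Google Chrome 72.0.3626.120",
    "ws-003,Google Chrome 72.0.3626.99",
    "mac-014,Google Chrome 73.0.1.0",
    "ws-020,not installed",
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" need manual follow-up, since a missing or unparseable version string says nothing about whether the fix is installed.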
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.