Update Google Chrome: Critical zero-day bug discovered
Google's security team has warned about a major vulnerability in Chrome, calling on users to update their browsers immediately. The vulnerability, which has been classified as a zero-day flaw, affects old versions of the browser and already appears to be under attack in the wild. So, if not updated, your browser will be at risk. Here's more on the issue and its fix.
What is this 'zero-day' vulnerability?
A zero-day vulnerability is a security flaw that the developer has not detected and addressed by the time it becomes public or comes under attack. In this particular case, CVE-2019-5786, discovered by Clement Lecigne of Google's Threat Analysis Group, is Chrome's zero-day. It has been described as an issue of 'high' severity, but Google has not given specific details of the attack or its impact.
Vulnerability probably deals with FileReader API
Google said CVE-2019-5786 deals with a 'use-after-free' in FileReader. This indicates the issue revolves around the FileReader API, which is responsible for letting web apps read local computer data. Also note that the 'use-after-free' category of bugs, where a program keeps using memory after it has been freed, allows for the execution of malicious code in the worst case.
Plus, the flaw is already under attack
Google has kept the exact details under wraps to prevent the bug from being exploited before most users jump to the latest version. "Access to bug details and links may be kept restricted until a majority of users are updated with a fix," the company said in a blog post. It also said that, according to some reports, an exploit for this bug already exists.
Update available for all major platforms
With that in mind, it is highly recommended to update Google Chrome on all the platforms you use. The update for Windows, Mac, and Linux comes with version 72.0.3626.121 and has been available since Friday; head to chrome://settings/help to start the download manually. Notably, a patch for Chrome OS and Android users has also been released over the last few days.
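For anyone checking more than one machine, the sketch below is an added example (not from Google or the original article) that flags desktop installs older than the fixed build 72.0.3626.121 named above. The hostnames and version strings are constructed sample data, and the function names are hypothetical; versions are compared numerically per field because a plain string comparison would wrongly rank 72.0.3626.96 above 72.0.3626.121.

```python
import re

# Fixed desktop build named in the article (Windows, Mac, Linux).
FIXED_DESKTOP = (72, 0, 3626, 121)

# Matches the four-part Chrome build number inside `--version` style output.
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_chrome_version(text):
    """Return the version as a 4-tuple of ints, or None if none is present."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def audit(inventory, fixed=FIXED_DESKTOP):
    """Split {host: version_string} into patched, vulnerable and unknown hosts."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for host, raw in sorted(inventory.items()):
        version = parse_chrome_version(raw)
        if version is None:
            report["unknown"].append(host)      # no version found: review by hand
        elif version >= fixed:                  # tuples compare numerically per field
            report["patched"].append(host)
        else:
            report["vulnerable"].append(host)
    return report


# Constructed sample inventory (hostnames and strings are made up for illustration).
SAMPLE_INVENTORY = {
    "ws-01": "Google Chrome 72.0.3626.121",
    "ws-02": "Google Chrome 72.0.3626.119",
    "ws-03": "Google Chrome 72.0.3626.96 ",
    "ws-04": "Google Chrome 73.0.3683.39 beta",
    "ws-05": "Google Chrome 9.0.597.107",
    "ws-06": "command not found",
}

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

The threshold applies only to the Windows, Mac, and Linux builds; the article does not give the fixed version numbers for Chrome OS or Android.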