Google revealed yesterday that a patch for Chrome last week was actually a fix for a zero-day that was under active attack.

The attacks exploited CVE-2019-5786, a security flaw whose fix was the only patch included in Chrome version 72.0.3626.121, released last Friday, March 1, 2019.

According to an update to its original announcement and a tweet from Google Chrome’s security lead, the patched bug was under active attack at the time of the patch.

Google described the security flaw as a memory management error in Google Chrome’s FileReader, a web API included in all major browsers that lets web apps read the contents of files stored on the user’s computer.

More specifically, the bug is a use-after-free vulnerability, a type of memory error that happens when an app tries to access memory after it has been freed/deleted from Chrome’s allocated memory. Incorrect handling of this type of memory access operation can lead to the execution of malicious code.

According to Chaouki Bekrar, CEO of exploit vendor Zerodium, the CVE-2019-5786 vulnerability allegedly allows malicious code to escape Chrome’s security sandbox and run commands on the underlying OS.

Google discovered a Chrome RCE #0day in the wild (CVE-2019-5786). Reportedly, a full chain with a sandbox escape: https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop.html 

In 2019, I expect epic 0days to be found in the wild: Android, iOS, Windows, Office, virtualization, and more. Stay safe and enjoy the show.

Besides revealing exploitation attempts, the browser maker also gave credit to the security researcher who discovered the bug, Clement Lecigne of Google’s Threat Analysis Group.

Last month, speaking at a security conference in Israel, Microsoft security engineer Matt Miller said that roughly 70 percent of all security bugs that Microsoft patches every year are memory safety errors like the one the Chrome team patched last week.

Most of the errors come from using C and C++, two “memory-unsafe” programming languages, which are also used for the Chromium source code, the open source project on which Google Chrome is based.

Google Chrome users are advised to use the browser’s built-in update tool to trigger an update to version 72.0.3626.121. Users should do this right now, especially when the advice comes from Google Chrome’s security lead.
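For administrators who need to confirm the update across many machines, the following is an added example (not from Google or the original article) that classifies reported Chrome version strings against the fixed build 72.0.3626.121. It assumes stable-channel version strings in the form printed by `google-chrome --version`; the host names and inventory are constructed sample data.

```python
import re

# Fixed build named in the article; lower stable builds still carry CVE-2019-5786.
PATCHED = (72, 0, 3626, 121)

# Chrome versions are four dotted integers: MAJOR.MINOR.BUILD.PATCH
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one reported version string."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # unparsable report: review by hand, never assume safe
    # Tuples compare numerically per component, so .99 sorts below .121
    # (a plain string comparison would get this wrong).
    return "patched" if version >= PATCHED else "vulnerable"


def audit(inventory):
    """Map each status to the sorted list of hosts reporting it."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for host, version_text in inventory.items():
        report[classify(version_text)].append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}


# Constructed sample inventory (hypothetical hosts and reported strings)
SAMPLE_INVENTORY = {
    "ws-001": "Google Chrome 72.0.3626.121",
    "ws-002": "Google Chrome 72.0.3626.119",
    "ws-003": "Google Chrome 72.0.3626.99",
    "ws-004": "Google Chrome 80.0.3987.87",
    "ws-005": "chrome: command not found",
}

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status:10s} {', '.join(hosts) or '-'}")
```

Hosts reported as `unknown` returned no parsable version and should be checked manually rather than counted as updated.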
