Home » Cyber Security News » Google reveals Chrome zero-day vulnerability was under active attacks at the time of patch

Google reveals Chrome zero-day vulnerability was under active attacks at the time of patch

  • The vulnerability is a use-after-free vulnerability, a type of memory error that allows an app to access memory after it has been deleted from Chrome’s allocated memory.
  • Google Chrome users are advised to update to Google Chrome version 72.0.3626.121.

Google disclosed that the zero-day vulnerability that was patched on March 1, 2019, was under active attacks at the time of the patch. The vulnerability tracked as CVE-2019-5786 was patched in Chrome 72.0.3626.121 version.

The big picture – Google described the vulnerability as a memory management error in Google Chrome’s FileReader. FileReader is a web API that allows web apps to read the contents of files stored on the user’s system.

To be precise, the vulnerability is a use-after-free vulnerability, a type of memory error that allows an app to access memory after it has been deleted from Chrome’s allocated memory. This type of memory access operation could lead to the execution of malicious code.

Chaouki Bekrar, CEO of exploit acquisition platform Zerodium, tweeted that the vulnerability lets malicious code to bypass Chrome’s security sandbox and run commands on the operating system.

“Google discovered a Chrome RCE #0day in the wild (CVE-2019-5786). Reportedly, a full chain with a sandbox escape. In 2019, I expect epic 0days to be found in the wild: Android, iOS, Windows, Office, virtualization, and more. Stay safe and enjoy the show,” Chaouki Bekrar tweeted.

Memory management issues

According to Microsoft security engineer Matt Miller, roughly 70 percent of all vulnerabilities that Microsoft patches every year are memory management errors.

Most of the errors come from using C and C++, two ‘memory-unsafe’ programming languages, are also used for the Chromium source code, the open source project on which Google Chrome is based on.

The bottom line – Google Chrome users are advised to update to Google Chrome version 72.0.3626.121.

Buy Firewall, Buy Firewall Online, Buy Firewall Online India Buy Firewall, Buy Firewalls Online, Buy Firewall Online in India from IT Monteur's Firewall Firm, Buy Firewall Support, Buy Firewall License & License Renewals

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

Sales Number : +91 9582 90 7788 | Support Number : +91-9654016484
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket