A Chrome zero-day is under active attack, and Google did not hesitate to reveal it. A patch for Chrome is also said to fix it.
According to the reported details, the attacks exploit a security flaw tracked as CVE-2019-5786. The flaw can only be addressed by a patch included in Chrome 72.0.3626.121, the latest version, which was rolled out just last Friday.
The severity of the attacks can be gauged from the fact that even Chrome’s security lead has acknowledged that they are ongoing.
According to Google, the flaw is a memory management error in Chrome’s FileReader, a web API that allows web applications to read the contents of stored files.
In simple terms, the bug is the type of memory error that occurs when an app tries to access memory that has already been freed (released) from Chrome’s allocated memory space. When such an operation backfires, it’s almost a certainty that the malicious code would start executing.
Chaouki Bekrar, the CEO of Zerodium, says that CVE-2019-5786 is solely responsible for letting the malicious code break free from Chrome’s security sandbox, after which it is easy for the code to execute commands on the underlying OS.
Matt Miller, a Microsoft security engineer, revealed last month that almost 70% of all the security flaws patched by Microsoft each year are related to memory safety (like the one discussed above).
It should also be noted that the bug was discovered by Clement Lecigne of Google’s Threat Analysis Group.
Justin Schuh, Chrome’s security lead, has urged all users to promptly update Chrome to 72.0.3626.121, the latest available version, using the built-in update tool. So, if you are reading this, please trigger an update for your Chrome right now and stay safe from this security flaw.
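For anyone checking more than one machine against that advice, here is an added example (not code from Google or from this article) that classifies reported Chrome version strings against the fixed build 72.0.3626.121. The host names and the tab-separated inventory format are constructed, and the script assumes any build numerically below the fixed one lacks the patch.

```python
import re

# Fixed build named in the article for CVE-2019-5786.
FIXED = (72, 0, 3626, 121)

# Four dotted numeric components, the form Chrome uses for its version.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(text, fixed=FIXED):
    """Classify one reported version string as 'patched', 'vulnerable' or 'unknown'."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # needs manual follow-up; never counted as patched
    # Tuples compare numerically per component, so 3626.99 < 3626.121,
    # which a plain string comparison would get wrong.
    return "patched" if version >= fixed else "vulnerable"


def audit(inventory_lines):
    """Map host -> status for 'host<TAB>version string' lines; blank lines are skipped."""
    report = {}
    for line in inventory_lines:
        if not line.strip():
            continue
        host, _, reported = line.partition("\t")
        report[host.strip()] = classify(reported)
    return report


# Constructed sample inventory (hypothetical hosts, not data from the article).
SAMPLE = [
    "ws-01\tGoogle Chrome 72.0.3626.121",
    "ws-02\tGoogle Chrome 72.0.3626.119",
    "ws-03\tGoogle Chrome 72.0.3626.99",
    "ws-04\tChromium 71.0.3578.98",
    "ws-05\tnot installed",
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```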
Photo: SOPA Images via Getty Images
What’s even more interesting is that most memory safety errors of this kind result from the use of the C and C++ programming languages, which are, to be honest, some of the most “memory-unsafe” languages. These languages are also used to write the Chromium source code, on which Chrome is based.