SIUSTO
Life & Technology

Google Security Lead Urges Chrome Users to Update Right Now!

0

Google Security Lead Urges Chrome Users to Update Right Now!

Google has released a new update for the Chrome browser and Justin Schuh who is Googgle’s security lead is advising all Chrome users to hurry up and download the new update as soon as possible. Jason Schuh said that everyone needs to update the browser “like right this minute”. The reason why Google’s security lead is urging all Chrome users to download the new update is because it contains a patch for a major security vulnerability in the browser’s software.

Google Chrome Security Issue

The Google Threat Analysis Group is always looking for new ways to improve the overall security of the browser and the group has found out that a new security vulnerability is actively being exploited. The problem here is that this is not a simple bug and it is a zero-day vulnerability which means that bad actors can exploit it. Moreover, the bug which causes the security breach in Chrome’s software is called “CVE-2019-5786” and a fix for it has been introduced in the latest Chrome update.

The “CVE-2019-5786” Exploit

Even though Google doesn’t want to release too much information about the CVE-2019-5786 exploit for obvious reasons, Satnam Narang who is a senior research engineer at Tenable has managed to find some information about it. This is what Satnam Narang had to say: “It is a Use-After-Free (UAF) vulnerability in FileReader, an application programming interface (API) included in browsers to allow web applications to read the contents of files stored on a user’s computer”.

ZDNet’s Catalin Cimpanu found out that there is more to this security vulnerability and that the CVE-2019-5786 has something to do with PDF Documents as well. “The PDF Documents would contact a remote domain with information on the user’s device – such as IP address, OS version, Chrome version, and the path of the PDF file on the user’s computer,” added Catalin Cimpanu.

Leave A Reply

Your email address will not be published.