Google Chrome RCE Vulnerability

A security researcher has identified a use-after-free vulnerability in Google Chrome. An attacker could exploit this vulnerability to take control of an affected system.

Threat ID:: CC-2961
Category:
Threat Severity:: Low
Threat Vector:: Vulnerability
Published:: 6 March 2019 12:00 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

A security researcher has identified a use-after-free vulnerability in Google Chrome. An attacker could exploit this vulnerability to take control of an affected system.

Affected platforms

The following platforms are known to be affected:

Google Chrome

Google Chrome - Versions prior to 72.0.3626.121

Threat details

The vulnerability lies within the FileReader component and can be exploited by redirecting users to a specially crafted webpage. This would allow a remote attacker to escalate their privileges, escape sandbox protections and execute arbitrary code on a vulnerable device.

For further information:

CVE-2019-5786

Remediation steps

Type	Step
	Google have issued a patch for this vulnerability in Chrome version 72.0.3626.121. Users and administrators are encouraged to review the Chrome Releases page and apply the necessary update.

Last edited: 14 February 2020 2:44 pm