Zero day found in Google Chrome's FileReader API
Google identified a zero-day vulnerability (CVE-2019-5786) on March 7 in the Google Chrome browser. A 'use-after-free' in the FileReader API, which could allow an attacker to execute malicious code, was discovered and quickly patched.
Google reports they have reason to believe an exploit exists in the wild and McAfee research has detailed the likely path to exploitation.
Google had earlier (March 1) released a software "update for all Chrome platforms", allowing users who have the browser's automatic updating service turned on to get the update. In order to protect against this exploit, Google aim to have all Chrome browsers at version 72.0.3626.121 or greater.
Not surprisingly, Google have taken this matter seriously, and Justin Schuh, Engineering Director on Chrome, tweeted this on March 6, 2019: "Also, seriously, update your Chrome installs... like right this minute. #PSA" (@justinschuh)
With Schuh's words ringing in our ears: Google Chrome users, update your browser immediately!
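To confirm that machines are at 72.0.3626.121 or greater, the reported versions can be compared numerically against that build. The script below is an added example, not code from Google or the original article; the hostnames, sample version strings, status labels and function names are constructed for illustration.

```python
import re

# Fixed build named in the article above.
PATCHED = (72, 0, 3626, 121)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version from a raw string.

    Accepts a bare version or a string such as the output of
    `google-chrome --version` ("Google Chrome 72.0.3626.119").
    Returns None when no four-part version is present.
    """
    match = _VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def classify(text):
    """Return 'patched', 'needs_update' or 'unknown' for one reported version."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # follow up manually; never assume it is safe
    # Tuples compare field by field as integers, so 72.0.3626.99 sorts
    # below 72.0.3626.121. A plain string comparison gets this wrong.
    return "patched" if version >= PATCHED else "needs_update"


def audit(inventory):
    """Map each host to its status; anything not 'patched' needs action."""
    return {host: classify(reported) for host, reported in inventory.items()}


# Constructed sample inventory (hypothetical hosts and reported versions).
SAMPLE_INVENTORY = {
    "laptop-01": "Google Chrome 72.0.3626.121",
    "laptop-02": "Google Chrome 72.0.3626.119",
    "laptop-03": "72.0.3626.99",
    "kiosk-01": "73.0.3683.75",
    "kiosk-02": "Chromium (version not reported)",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```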