Flaw in Google Chrome, millions of users at risk
A new flaw in Google Chrome threatens millions of users and affects the Microsoft Windows, Apple macOS and Linux operating systems. Find out how to defend yourself.
Cybersecurity experts from Google’s Threat Analysis Group have discovered a “serious” flaw in Google Chrome. The threat, identified by the code CVE-2019-5786, could have a huge impact on the Microsoft Windows operating system, but also on Apple macOS and Linux.
The vulnerability is located within the FileReader component and allows a hypothetical hacker to gain administrator privileges by bypassing browser security systems (such as the sandbox). Although Google has already released the patch in a Chrome update, there are still many devices that could potentially be affected by the vulnerability. Engineers at the Mountain View giant strongly urge users to update the browser to version 72.0.3626.121.
How the Google Chrome vulnerability works
The flaw, discovered by Clement Lecigne, an engineer and computer security expert at Google’s Threat Analysis Group, is a serious zero-day vulnerability that has recently put the data of millions of users worldwide at risk. It is a use-after-free bug, a class of vulnerability in which a program keeps using memory after that memory has been released. In particular, the flaw would affect Chrome’s FileReader element and would allow attackers to access the victim’s history and spy on their online activities.
To be able to exploit the flaw, however, hackers need users to visit a specially crafted web page, which allows them to trigger the use-after-free. The easiest way to do this is through a phishing campaign that encourages users, mostly unaware of the risk they run, to click on a link.
How to avoid the Google Chrome flaw?
To minimize the risk, the Threat Analysis Group recommends updating Chrome on all operating systems: Windows, Mac and Linux, but also mobile versions of Chrome OS. Chrome users are encouraged to upgrade to v72.0.3626.121, Android users to v72.0.3626.121, and Chrome OS users to v72.0.3626.122.
To check the version installed on your PC, open the browser, click on the three-dot icon at the top right and then on the icon with the three horizontal lines that you find on the left. In the menu that opens, choose Information and check the build number. To check Chrome on Android, instead, open the phone's Settings, go to the Installed Apps section and then tap Chrome to open its dedicated page, where you can find the version of the app you are using.
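For administrators who need to run the same check across many machines, the following added example (not part of the original article) compares collected Chrome version strings against the fixed builds listed above. The host names, platform labels and inventory format are hypothetical and the sample data is constructed.

```python
import re

# Fixed builds as stated in the article, keyed by platform label (labels are assumptions).
FIXED = {p: "72.0.3626.121" for p in ("windows", "mac", "linux", "android")}
FIXED["chromeos"] = "72.0.3626.122"

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

def parse_version(text):
    """Extract a four-part Chrome version from text as a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def is_patched(platform, version_text):
    """True if at or above the fixed build, False if older, None if unknown."""
    fixed = FIXED.get(platform.lower())
    found = parse_version(version_text)
    if fixed is None or found is None:
        return None  # unknown platform or unparseable version: review by hand
    # Compare numerically: as plain strings, "72.0.3626.99" sorts after
    # "72.0.3626.121" and an unpatched build would be reported as safe.
    return found >= parse_version(fixed)

def audit(inventory):
    """Return hosts that need an update and hosts that need manual review."""
    report = {"update": [], "review": []}
    for host, platform, version_text in inventory:
        status = is_patched(platform, version_text)
        if status is False:
            report["update"].append(host)
        elif status is None:
            report["review"].append(host)
    return report

# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = [
    ("ws-01", "windows", "Google Chrome 72.0.3626.119"),
    ("ws-02", "linux", "Google Chrome 72.0.3626.121"),
    ("ws-03", "mac", "Google Chrome 72.0.3626.99"),
    ("cb-01", "chromeos", "72.0.3626.121"),
    ("ph-01", "android", "73.0.3683.75"),
    ("ws-04", "windows", "version unknown"),
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Note that the Chrome OS host on build 72.0.3626.121 is flagged, because the fixed build for that platform is one number higher than on the other platforms.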