14 DAY TRIAL // The most recent version of Google Chrome for Windows, Linux, and macOS resolves a zero-day vulnerability which the search giant warns is already being exploited in the wild.
Google Chrome version 72.0.3626.121 was released on March 1, but an update to the official announcement that the company published last Friday now reveals that a zero-day has also been patched.
“[$N/A][936448] High CVE-2019-5786: Use-after-free in FileReader. Reported by Clement Lecigne of Google's Threat Analysis Group on 2019-02-27,” the update reveals.
Google also mentions that it’s aware of reports that an exploit for this vulnerability already exists, so it urges everyone to install the latest version of Chrome as soon as possible.
Update as soon as possible
FileReader is an API that makes it possible for web apps to access locally-stored files, and a successful attack would technically provide a malicious actor with capabilities of running code and drop other payloads on a compromised host.
The security vulnerability was discovered by Clement Lecigne of Google's Threat Analysis Group, who reported it in late February. The patch was included in the March 1 update for Google Chrome on the desktop.
Justin Schuh, who leads the Google Chrome security and desktop engineering team, also recommends users to install the update immediately.
“Last week we got to deal with a real 0day chain and a faux 0day at the same time. I wonder which one will get more attention?” he said before adding the following: “Also, seriously, update your Chrome installs... like right this minute.”
You can download the latest version of Google Chrome for Linux, Windows, and macOS using these links. Given that exploits already exist in the wild, users are recommended to deploy the update as soon as possible, regardless of the platform they are using.