04 Sep 2019
Justin Schuh, Google Chrome’s security lead and Engineering Director, has issued a warning that all Chrome users need to run an update NOW. Google Threat Analysis Group has identified a zero-day vulnerability that is actively being exploited: CVE-2019-5786.
Although information on CVE-2019-5786 remains limited, it is suspected to be a use-after-free (UAF) vulnerability in FileReader. The potential exists for an attacker to run arbitrary code while avoiding the browser’s sandbox protection.
Fixing the issue is relatively easy. Select Help/About from the Chrome menu (three stacked dots, upper right) and make sure you are running the current version: 72.0.3626.121 (Official Build). If you are not, Chrome should automatically fetch the latest version and install the update for you. If you prefer, you can also type chrome://settings/help in the address bar, which takes you to the same Help/About page.
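For anyone checking more than one machine, the version check above can be scripted. This is an added example, not part of the original post: the host names and version strings are constructed sample data, and it assumes any build numerically at or above 72.0.3626.121 counts as updated. It compares versions as numbers, because a plain string comparison ranks 72.0.3626.99 above 72.0.3626.121.

```python
import re

# Version the article says to be running (taken from the page).
PATCHED = (72, 0, 3626, 121)

# Chrome versions are four dot-separated integers: MAJOR.MINOR.BUILD.PATCH
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Pull the four-part version out of an About-page or --version string."""
    match = _VERSION_RE.search(text)
    if match is None:
        return None
    return tuple(int(part) for part in match.groups())


def needs_update(text, minimum=PATCHED):
    """True if older than minimum, False if not, None if no version was found."""
    version = parse_version(text)
    if version is None:
        return None
    # Tuple comparison is numeric per component, so 99 < 121 as expected.
    return version < minimum


def audit(inventory):
    """Map each host to 'update', 'ok', or 'unknown' (unparseable report)."""
    labels = {True: "update", False: "ok", None: "unknown"}
    return {host: labels[needs_update(raw)] for host, raw in inventory.items()}


# Constructed sample inventory (hypothetical hosts and collected strings).
SAMPLE_INVENTORY = {
    "ws-01": "Google Chrome 72.0.3626.119",
    "ws-02": "Version 72.0.3626.121 (Official Build) (64-bit)",
    "ws-03": "Google Chrome 72.0.3626.99",
    "ws-04": "Chromium 73.0.3683.75 Built on Ubuntu",
    "ws-05": "chrome: command not found",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts reported as "unknown" need a manual look, since a missing or unreadable version is not evidence that the browser is current.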