Zero-Day Flaw in Chrome Under Active Attack

Zero-Day Flaw in Chrome Under Active Attack

Google has warned that a zero-day Remote Code Execution “RCE” vulnerability is actively being exploited in the wild by attackers to target Chrome users.

The latest attacks exploit CVE-2019-5786, a security flaw and the only patch included in the Chrome 72.0.3626.121 version, released on March 1, 2019.

How are attackers leveraging this vulnerability?

The flaw is enabling attackers to conduct remote code execution attacks, taking full control of their target PCs. Depending on the privileges given to Chrome, the attacker could install programs; view, change, or delete data; or create new accounts.

Additionally, the Google cybersecurity team has discovered that the flaw is located in the FileReader API component in the Google Chrome browser application. This is the main issue which allows launching code through remote servers.

What should you do?

Patching is the ultimate fix.

Robert Brown, Director of Services for Verismic said, “Ahead of next week’s Patch Tuesday, everyone should prioritize this update before Microsoft adds additional workload to their monthly schedule. As of March, Google Chrome is estimated to be used on 67% of all Internet browsers and as this vulnerability impacts not only Windows but Linux and Mac OS too, there is no amnesty usually associated with non-Windows OS this time.

The Best Way to Update Your Browsers

Keeping internet browsers across your company up-to-date can be surprisingly simple with the right solution. Syxsense provides detection and remediation of critical updates.

With a comprehensive patch scan, you’ll see all the devices that require updates. If you are wondering about the status of a specific software, run a targeted scan seeking a specific software. Both are easily set up and can be repeated regularly with our maintenance windows.

From there, it’s simple to set up a task that targets every device that need updates.It’s time to switch to an IT management solution that can deploy any security updates required.

Get started with Syxsense’s patching capabilities and experience all the intuitive features.

Recent Posts

Topics

Related Posts

April 2024 Patch Tuesday: Microsoft releases 147 fixes this month including 3 Critical Threats.

April 2024 Patch Tuesday: Microsoft releases 147 fixes this month including 3 Critical Threats.

April 9, 2024
Automating Patch and Vulnerability Management for Compliance Success

Automating Patch and Vulnerability Management for Compliance Success

March 21, 2024
March 2024 Patch Tuesday: Microsoft releases 59 fixes this month including 2 Critical Threats and 2 with CVSS Score of 9.0 or Above

March 2024 Patch Tuesday: Microsoft releases 59 fixes this month including 2 Critical Threats and 2 with CVSS Score of 9.0 or Above

March 12, 2024
Third-Party Patching: Don’t Be a Sitting Duck

Third-Party Patching: Don’t Be a Sitting Duck

February 14, 2024