The most recent version of Google Chrome for Windows, Linux, and macOS resolves a zero-day vulnerability which the search giant warns is already being exploited in the wild.
Google Chrome version 72.0.3626.121 was released on March 1, but an update to the official announcement that the company published last Friday now reveals that a zero-day has also been patched.
“[$N/A] High CVE-2019-5786: Use-after-free in FileReader. Reported by Clement Lecigne of Google’s Threat Analysis Group on 2019-02-27,” the update reveals.
Google also mentions that it’s aware of reports that an exploit for this vulnerability already exists, so it urges everyone to install the latest version of Chrome as soon as possible.
Update as soon as possible
FileReader is an API that makes it possible for web apps to access locally-stored files, and a successful attack would technically provide a malicious actor with capabilities of run… (read more)
from Softpedia News / Linux https://news.softpedia.com/news/google-fixes-zero-day-flaw-in-chrome-72-update-for-linux-windows-and-mac-525214.shtml