Google fixed the vulnerability in Chrome v72.0.3626.121. Google has flagged the zero-day as a ‘high’ severity security flaw. The Chrome zero-day, CVE-2019-5786, was discovered by Clement Lecigne of Google’s Threat Analysis Group.
In the official blog post, Google said, “To remediate the Chrome vulnerability (CVE-2019-5786), Google released an update for all Chrome platforms on March 1; this update was pushed through Chrome auto-update. We encourage users to verify that Chrome auto-update has already updated Chrome to 72.0.3626.121 or later.”
The vulnerability has been patched in the latest version of Chrome. However, that alone does not ensure that your system is safe from the bug. Google is aware of an exploit that exists for the older version of Chrome. In a series of tweets, Google’s Security and Desktop Engineer, Justin Schuh, explained the exploit. He said that it differs from past vulnerabilities in that it targets Chrome code directly. Users have to restart the browser after updating it.
Last week we got to deal with a real 0day chain and a faux 0day at the same time. I wonder which one will get more… https://t.co/KeShRSBMox
— Justin Schuh (@justinschuh) 1551831107000
The bug was first spotted on February 27. It affects the file reading API called FileReader, which allows web apps to read the content of files stored on a computer. The vulnerability can allow attackers to access sensitive data of Chrome users. The update with a fix is available for Chrome for Linux, Mac, and Windows. To update, head to chrome://settings/help to manually download the new version.
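The check Google asks for (72.0.3626.121 or later, plus a browser restart) can be run across an inventory. The following is an added example, not code from Google or from the original article; the host names, sample version strings, and the `installed`/`running` fields are constructed assumptions about what an endpoint inventory reports.

```python
import re

# First patched build, per the Google statement quoted in the article.
FIXED = (72, 0, 3626, 121)

def parse_version(text):
    """Extract a four-part Chrome version, e.g. from 'Google Chrome 72.0.3626.119'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no Chrome version in {text!r}")
    # Compare as integers: as strings, '96' would sort after '121'.
    return tuple(int(part) for part in m.groups())

def assess(installed, running=None):
    """Classify one host from its on-disk and (if known) running Chrome version."""
    if parse_version(installed) < FIXED:
        return "vulnerable"          # update not installed yet
    if running is not None and parse_version(running) < FIXED:
        return "restart-required"    # update on disk, old build still running
    return "patched"

# Constructed sample inventory: (host, installed version string, running version).
INVENTORY = [
    ("host-a", "Google Chrome 72.0.3626.119", "72.0.3626.119"),
    ("host-b", "Google Chrome 72.0.3626.121", "72.0.3626.119"),
    ("host-c", "Google Chrome 72.0.3626.121", "72.0.3626.121"),
    ("host-d", "Google Chrome 72.0.3626.96", None),
    ("host-e", "Google Chrome 73.0.3683.75", None),
]

def audit(inventory):
    """Return {host: status} for every inventory record."""
    return {host: assess(inst, run) for host, inst, run in inventory}

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `restart-required` have the fixed build on disk but are still running the old one, which is the case the restart advice covers.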