Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member Latest Breaking News Editorials & Other Articles General Discussion The DU Lounge All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search

Eugene

(62,650 posts)
Thu Mar 7, 2019, 07:13 AM Mar 2019

Google Confirms Serious Chrome Security Problem - Here's How To Fix It

This discussion thread was locked by steve2470 (a host of the Computer Help and Support group).

Source: Forbes

Mar 7, 2019, 12:51am

Google Confirms Serious Chrome Security Problem - Here's How To Fix It

Davey Winder
Contributor
Cybersecurity

Google Chrome's security lead and engineering director, Justin Schuh, has warned that users of the most popular web browser should update "like right this minute." Why the urgency? Simply put, there is a zero-day vulnerability for Chrome that the Google Threat Analysis Group has determined is being actively exploited in the wild. What does that all mean? Well, a vulnerability is just a bug or flaw in the code and while they all need to be fixed, not all of them either can be or are being exploited. A zero-day vulnerability is one that threat actors have managed to create an exploit for, a way of doing bad things to your device or data, before the good guys even knew the vulnerability existed. In other words they have zero days in which to issue a fix. The bad news for users of Google Chrome is that this particular zero-day vulnerability, CVE-2019-5786, is already being exploited by the bad guys. Which is why it's so important to make sure your browser has been updated to the latest patched version that fixes the vulnerability.

The problem explained

Although information regarding CVE-2019-5786 remains scarce currently, Satnam Narang, a senior research engineer at Tenable, says it is a "Use-After-Free (UAF) vulnerability in FileReader, an application programming interface (API) included in browsers to allow web applications to read the contents of files stored on a user's computer." Some further digging by Catalin Cimpanu over at ZDNet suggests that there are malicious PDF files in the wild that are being used to exploit this vulnerability. "The PDF documents would contact a remote domain with information on the users' device --such as IP address, OS version, Chrome version, and the path of the PDF file on the user's computer" Cimpanu says. These could just be used for tracking purposes, but there is also the potential for more malicious behavior. The 'use-after-free' vulnerability is a memory corruption flaw that carries the risk of escalated privileges on a machine where a threat actor has modified data in memory through exploiting it. That's why Google has issued the urgent update warning, as the potential is there for exploits to be crafted that could enable an attacker to remotely run arbitrary code (a remote code execution attack) whilst escaping the browser's built-in sandbox protection.

What to do next

Luckily this is an easy problem to fix, just make sure you do it as soon as you've finished reading this! First, head over to the drop-down menu in Chrome (you'll find it at the far right of the toolbar - click on the three stacked dots) and select Help|About Google Chrome. You could also type chrome://settings/help in the address bar if you prefer, which takes you to the same dialog box. This will tell you if you have the current version running or if there is an update available. To be safe from this zero-day exploit, make sure that it says you are running version 72.0.3626.121 (Official Build). If not, then Chrome should go and fetch the latest version and update your browser for you automatically.

-snip-


Read more: https://www.forbes.com/sites/daveywinder/2019/03/07/google-confirms-serious-chrome-security-problem-heres-how-to-fix-it/
7 replies = new reply since forum marked as read
Highlight: NoneDon't highlight anything 5 newestHighlight 5 most recent replies
Google Confirms Serious Chrome Security Problem - Here's How To Fix It (Original Post) Eugene Mar 2019 OP
K&R n/t RKP5637 Mar 2019 #1
Solution: Install Firefox? progressoid Mar 2019 #2
my 'solution' is to not install chrome or ever logon to google. Sunlei Mar 2019 #5
K&R! The "new" Firefox is great, now that Mozilla has seriously decided to dev/support it again. n/t RKP5637 Jul 2019 #7
Good information. snacker Mar 2019 #3
Thanks for the info! n/t pengillian101 Mar 2019 #4
Post removed Post removed Apr 2019 #6

RKP5637

(67,112 posts)
1. K&R n/t
Thu Mar 7, 2019, 07:25 AM
Mar 2019

progressoid

(50,747 posts)
2. Solution: Install Firefox?
Thu Mar 7, 2019, 08:32 AM
Mar 2019

Seriously though. Guess I should call my octogenarian family members and walk them through this.

Sunlei

(22,651 posts)
5. my 'solution' is to not install chrome or ever logon to google.
Sun Mar 17, 2019, 06:51 PM
Mar 2019

at least with this (4 yr old) PC, so far runs smooth as silk. windows 8.1

RKP5637

(67,112 posts)
7. K&R! The "new" Firefox is great, now that Mozilla has seriously decided to dev/support it again. n/t
Tue Jul 9, 2019, 02:15 PM
Jul 2019

snacker

(3,626 posts)
3. Good information.
Thu Mar 7, 2019, 09:08 AM
Mar 2019

Thank you.

pengillian101

(2,351 posts)
4. Thanks for the info! n/t
Thu Mar 7, 2019, 07:49 PM
Mar 2019

Response to Eugene (Original post)

Latest Discussions»Help & Search»Computer Help and Support»Google Confirms Serious C...