Google has issued a warning to all Chrome users about a Zero-Day Vulnerability that the browser has been discovered to be at risk from. Fortunately, a solution is already at hand. And it’s as simple as updating the browser to the latest build.
Here again, the browser is designed to update on its own, which means there isn’t much that the user has to do. That said, it is still recommended to see if the browser has indeed updated itself and that the version shown is 72.0.3626.121. It’s the version carrying the patch against the zero-day bug which Google said is being exploited by the bad guys.
The Mountain View company however also said an updated browser isn’t the only protection against the bug. For the user is also required to restart the browser for the patch included in the latest update to take effect. So those who might have updated their browsers but haven’t yet restarted are recommended to do so right away as the patches won’t be effective until this is done.
Google said the restart is needed since the latest exploit targets the Chrome code right away. This is unlike such zero-day bugs found earlier which usually used Flash as the first exploit and that Flash happens to be a separate plugin that could be updated separately. Hence, updating the browser would have been the only requisite (and not a restart) to deal with such scenarios though that is not to be in the present case.
Google had earlier acknowledged that there is an exploit for CVE-2019-5786 and that it is being misused. Elaborating further, the company stated CVE-2019-5786 happens to be a Use-After-Free (UAF) vulnerability in FileReader. The same again is an application programming interface (API) and is part of Chrome or for that matter all browsers to ensure web applications can read contents of files present in the user’s computers.
The vulnerability in Chrome has been found to be particularly damaging for Windows, Mac, and Linux users. Among Windows users, it is again Windows 7, particularly the 32-bit version of the OS that runs the largest risk of being affected by the bug. In that case, users who might still be using Windows 7 are recommended to have the latest updates and patches from Microsoft installed on their devices.