Google Chrome’s security lead has warned all the Chrome web browser (Windows, Mac, and Linux) users to update their applications to 72.0.3626.121 version immediately to protect themselves from a major security issue.
Google also updated its original announcement to include the information that the March 1’s patch was actually a fix for a zero-day under active attacks. It took care of the CVE-2019-5786 security flaw, which was discovered by Clement Lecigne of Google’s Threat Analysis Group.
Talking specifically about this exploitable bug, Chrome has chosen to keep the details under the hood to make sure that the majority of the users update their browsers before the flaw is made public.
“We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed,” the post added.
Also, seriously, update your Chrome installs… like right this minute. #PSA
— Justin Schuh ? (@justinschuh) March 6, 2019
While the details are scarce, we know that the flaw deals with memory management in Chrome’s Filereader, which is an API that lets web apps read the content of files stored on user’s computers.
There are good chances that the attackers can exploit this vulnerability to run malicious code and perform Remote Code Execution. So, follow Google’s advice and update your Chrome installs to 72.0.3626.121 version right now!