[SingCERT] Alert on Critical Vulnerability (CVE-2019-5786) in Google Chrome

Published on Thursday, 07 March 2019 16:29

Background

Google has announced a security update to address a critical vulnerability (CVE-2019-5786) found in its Chrome web browser.

A flaw in the browser's FileReader component allows attackers to read arbitrary files that are stored locally. Attackers could also perform remote code execution on the underlying operating system. There have been reports that the vulnerability is being actively exploited.

Affected Products

Google Chrome web browser prior to version 72.0.3626.121

Impact

An attacker could craft malicious web content to execute code on an unpatched Chrome browser, which could lead to the compromise of a user's data that is stored locally on the system.

Recommendations

Users running an affected version of the Chrome browser are advised to update to the latest version immediately. If the browser's automatic updates function is enabled, users should connect their systems to the Internet and restart their web browsers so that the update is applied. As a best practice, users are encouraged to enable the automatic updates function.

References

https://www.helpnetsecurity.com/2019/03/06/chrome-cve-2019-5786/

https://www.bleepingcomputer.com/news/security/google-chrome-update-patches-zero-day-actively-exploited-in-the-wild/