Sunday, January 19, 2025
HomeChromeEmergency !! Hackers Exploited Active Google Chrome Zero-day in Wide - Update...

Emergency !! Hackers Exploited Active Google Chrome Zero-day in Wide – Update Chrome Now

Published on

SIEM as a Service

Follow Us on Google News

Google announced an emergency warning about active Google Chrome zero-day vulnerability that exploited in wide and urged users to update the chrome immediately.

Currently, the exploit is rapidly used by hackers and they continue to compromise Google Chrome users to gain complete control of the victim’s system.

This severe bug was reported by Clement Lecigne, of Google’s Threat Analysis Group on 2019-02-27 since the Google worked for the patch and finally, they released an emergency update with fixes for this Active zero-day vulnerability.

Google employees urged their online followers to update all their Chrome browser to 72.0.3626.121 for Windows, Mac, and Linux.

https://twitter.com/justinschuh/status/1103087046661267456

This Chrome zero-day Vulnerability ( CVE-2019-5786 ) mainly affected the Chrome browser’s FileReader API, that allows attackers to perform remote code execution by escaping the Chrome sandbox.

The FileReader API lets web applications asynchronously read the contents of files (or raw data buffers) stored on the user’s computer.

In this case, Zerodium Founder Chaouki Tweets that, “Google discovered a Chrome RCE #0day in the wild (CVE-2019-5786). Reportedly, a full chain with a sandbox escape”

All the users are strictly recommended to update your Chrome browser to newly released version Chrome update 72.0.3626.121

Newly updated Version

Google states in their update that “the stable channel has been updated to 72.0.3626.121 for Windows, Mac, and Linux, which will roll out over the coming days/weeks.”

Google did not reveal more details about this vulnerability and also said, “Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed “

Take a moment to check you are running the latest Chrome here else follow the step to update your browser in order to prevent from this active exploit in wide.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Hackers Exploit Google Chrome Zero-day using Weaponized PDF – If PDF Viewed in Chrome

Chrome 72 Released with 58 Security fixes, Removes HPKP and Deprecate TLS 1.0 and 1.1

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Hackers Easily Bypass Active Directory Group Policy to Allow Vulnerable NTLMv1 Auth Protocol

Researchers have discovered a critical flaw in Active Directory’s NTLMv1 mitigation strategy, where misconfigured...

AWS Warns of Multiple Vulnerabilities in Amazon WorkSpaces, Amazon AppStream 2.0, & Amazon DCV

Amazon Web Services (AWS) has issued a critical security advisory highlighting vulnerabilities in specific...

FlowerStorm PaaS Platform Attacking Microsoft Users With Fake Login Pages

Rockstar2FA is a PaaS kit that mimics the legitimate credential-request behavior of cloud/SaaS platforms....

New Tool Unveiled to Scan Hacking Content on Telegram

A Russian software developer, aided by the National Technology Initiative, has introduced a groundbreaking...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

AIRASHI Botnet Exploiting 0-Day Vulnerabilities In Large Scale DDoS Attacks

AISURU botnet launched a DDoS attack targeting Black Myth: Wukong distribution platforms in August...

Mirai Botnet Variant Exploits Zero-Day Vulnerabilities in Routers

Researchers observed the Gayfemboy botnet in early 2024 as a basic Mirai variant. Still,...

Chrome Security Update – Patch for Multiple Security Vulnerabilities

Google has released an update for its Chrome web browser, advancing to version 131.0.6778.264/.265...