Users of the Google Chrome browser should update to 72.0.3626.121 as soon as possible. With the new version, Google has closed a critical vulnerability that is now being actively exploited in the wild.
Friday, March 1, 2019 – The stable channel has been updated to 72.0.3626.121 for Windows, Mac, and Linux, which will roll out over the coming days/weeks.
Security Fixes and Rewards: High CVE-2019-5786: Use-after-free in FileReader
Google's developers have now extended the description to say that an exploit for CVE-2019-5786 exists and is already being used. The Google Chrome team rates the vulnerability as High severity. It is a bug in the browser's FileReader API, an API that allows the browser to access and read locally stored files.
Attackers can use maliciously crafted Web pages to access files stored locally on the device using the Chrome FileReader API. Bleeping Computer writes that this ‘read-only API’ can be used to execute arbitrary code on the target system. This could allow an attacker to take over the device or trigger a denial of service condition.
Users should update Google Chrome via the auto-update function. If this does not work, the Google Chrome browser is available here.