CVE-2019-5786 FileReader vulnerabilities spots on the Chrome

Zero-hour CVE-2019-5786 Vulnerability founds: Update Chrome

 “Zero-day” vulnerability was found on the Google Chrome. It was discovered late February by a Cyber Security researcher, Clement Lecigne, from Google Threat Analysis Group. This high risk in the Chrome was tracked as CVE-2019-5786, which could impact on major operating systems such as Windows, Apple, macOS and Linux. By this vulnerability, the attackers managed to control the target computer. Fortunately, it has been fixed. The users are now urged to update their Chrome to the latest version to avoid the attack.

The Cyber security researcher about CVE-2019-5786 

Lecigine not said much of about the technical details about the vulnerability. They only said that CVE-2019-5786, a user-after-free vulnerability occurs in the FileReader (API) component of the target Browser.  The FileReader is something that allows web applications to read the contents stored on a computer.

Google Confirmed the Zero-day vulnerability was active and was exploited by Cyber crooks:

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” reads the security advisory published by Google. “We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”

The vulnerabilities fixed thanks to the quick action

The vulnerability was reported on 27 of the February by the researcher from Google Threat Analysis. CVE-2019-5786 vulnerability in the FileReader component could be exploited by some Cyber crooks for the sole motive to escape the sandbox in order to run arbitrary code. Thus, attackers could mislead the users into opening some malicious pages, or redirecting them to their sponsored webpage.

There is good news that the vulnerability is fixed now. Users should need to update their Chrome to avoid form the vulnerability. The desktop Chrome users should immediately upgrade to v72.0.3626.121, Android users to v72.0.3626.121 and Chrome users to v72.0.3626.122 for Windows, Mac, and Linux operating systems.