Google reveals Chrome zero-day under active attacks


Google revealed yesterday that a Chrome patch released last week was actually a fix for a zero-day that was under active attack.

The attacks exploited CVE-2019-5786, a security flaw whose fix was the only patch included in Chrome version 72.0.3626.121, released last Friday, March 1, 2019.

According to an update to its original announcement and a tweet from Google Chrome’s security lead, the patched bug was under active attack at the time of the patch.

Google described the security flaw as a memory management error in Google Chrome’s FileReader, a web API included in all major browsers that lets web apps read the contents of files stored on the user’s computer.

Source: ZDNet