Security Affairs
JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Google Chrome Zero-Day Vulnerability CVE-2019-5786 actively exploited in the wild

A new zero-day vulnerability in Google Chrome, tracked as CVE-2019-5786, is actively exploited in attacks in the wild. A new zero-day vulnerability in Google Chrome is actively exploited in attacks in the wild. The vulnerability was discovered late February by Clement Lecigne, a security researcher at the Google Threat Analysis Group. The high severity zero-day […]

Spook.Js

A new zero-day vulnerability in Google Chrome, tracked as CVE-2019-5786, is actively exploited in attacks in the wild.

A new zero-day vulnerability in Google Chrome is actively exploited in attacks in the wild. The vulnerability was discovered late February by Clement Lecigne, a security researcher at the Google Threat Analysis Group. The high severity zero-day flaw in Chrome could be exploited by a remote attacker to execute arbitrary code and take full control of the target computer.

The vulnerability tracked as CVE-2019-5786 resides in the web browsing software and impact all major operating systems including Windows, Apple macOS, and Linux.

Lecigne did not reveal technical details of the issue, Google experts only revealed that the CVE-2019-5786 flaw is a use-after-free vulnerability in the FileReader component of the Chrome browser. FileReader is a standard API that allows web applications to asynchronously read the contents of files stored on a computer, using ‘File’ or ‘Blob’ objects to specify the file or data to read.

Google confirmed that the zero-day RCE vulnerability is actively being exploited in the wild by threat actors.

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” reads the security advisory published by Google. “We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”

“Google is aware of reports that an exploit for CVE-2019-5786 exists in the wild.

You must update your Google Chrome immediately to the latest version of the web browsing application.

A use-after-free flaw in the FileReader component could be exploited by unprivileged attackers to gain privileges on the Chrome web browser and to escape the sandbox to run arbitrary code.

The attack scenario sees threat actors tricking victims into opening, or redirecting them to, a specially-crafted webpage.

Google addressed the issue by rolling out a stable Chrome update 72.0.3626.121 for Windows, Mac, and Linux operating systems.

Don’t waste time and update your Chrome web browser.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Chrome, CVE-2019-5786)

[adrotate banner=”5″]

[adrotate banner=”13″]