Google Chrome zero-day: Now is the time to update and restart your browser
A proof of concept for CVE-2019-5786 was published by Exodus Intel. In our earlier post we exercised caution before claiming we would have blocked this zero-day, but we can now say with confidence that an older version of Malwarebytes (1.12.1.122) would have mitigated this attack.
This shows the benefit of allowing certain applications to inject into Chrome, something that Google’s new policies have disabled.
—
It’s not often that we hear about a critical vulnerability in Google Chrome, and it’s rarer still for Google’s own engineers to urge users to patch.
There are several good reasons why you need to take this new Chrome zero-day (CVE-2019-5786) seriously. For starters, we are talking about a full exploit that escapes the sandbox and leads to remote code execution. This in itself is not an easy feat, and is usually observed only sporadically, perhaps during a Pwn2Own competition. But this time, Google is saying that this vulnerability is actively being used in the wild.
According to Clément Lecigne, the person from Google’s Threat Analysis Group who discovered the attack, there is another zero-day that exists in Microsoft Windows (yet to be patched), suggesting the two could be chained together for even greater damage.
If you are running Google Chrome and its version is below 72.0.3626.121, your computer could be exploited without your knowledge. While it’s true that Chrome features an automatic update component, in order for the patch to be installed you must restart your browser.
This may not seem like a big deal, but it is. Another Google engineer explains why this matters so much compared with past exploits:
Past 0days targeted Chrome by using Flash as the first exploit in the chain. Because Flash is a plugin component, we could update it separately, and once updated Chrome would silently switch to the fixed Flash, without a browser restart or any user intervention. [2/3]
This newest exploit is different, in that initial chain targeted Chrome code directly, and thus required the user to have restarted the browser after the update was downloaded. For most users the update download is automatic, but restart is usually a manual action. [3/3]
Considering how many users keep Chrome and all their tabs open for days or even weeks without ever restarting the browser, the security impact is real.
Some might see a bit of irony in this latest zero-day considering Google’s move to ban third-party software injections. Many security programs, including Malwarebytes, need to hook into processes, such as the browser and common Office applications, in order to detect and block exploits. However, we cannot say for sure whether or not such hooking could prevent the vulnerability from being exploited, since few details have been shared yet.
In the meantime, if you haven’t done so yet, you should update and relaunch Chrome; and don’t worry about your tabs, they will come right back.
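The version threshold and the restart gap described above, as an added example (not code from Malwarebytes or Google): it classifies hosts by comparing the Chrome version running in memory against the version installed on disk. The inventory records, host names and function names are hypothetical, and it assumes your endpoint tooling reports both versions separately.

```python
# Added example: triage hosts for CVE-2019-5786 exposure.
# All inventory records below are constructed sample data.
FIXED = "72.0.3626.121"  # first patched version, per the article

def parse_version(text):
    """Turn '72.0.3626.121' into (72, 0, 3626, 121); None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(running, installed, fixed=FIXED):
    """Return the exposure state for one host.

    running   - version of the chrome process currently in memory
    installed - version of the binaries on disk after auto-update
    """
    run, inst, fix = (parse_version(v) for v in (running, installed, fixed))
    if run is None or inst is None:
        return "unknown"            # never assume safe on bad data
    if run >= fix:
        return "patched"
    if inst >= fix:
        return "restart-required"   # patch downloaded, old code still running
    return "vulnerable"

def triage(inventory):
    """Group host names by state so each group can be actioned."""
    report = {}
    for host, running, installed in inventory:
        report.setdefault(classify(running, installed), []).append(host)
    return report

# Constructed inventory: (host, running version, installed version)
SAMPLE = [
    ("ws-01", "72.0.3626.121", "72.0.3626.121"),
    ("ws-02", "72.0.3626.119", "72.0.3626.121"),
    ("ws-03", "72.0.3626.119", "72.0.3626.119"),
    # Numeric compare matters: as strings, "99" sorts after "121".
    ("ws-04", "72.0.3626.99", "72.0.3626.121"),
    ("ws-05", "unknown", "72.0.3626.121"),
]

if __name__ == "__main__":
    for state, hosts in sorted(triage(SAMPLE).items()):
        print(f"{state:17} {', '.join(hosts)}")
```

Hosts in the restart-required group have the fix on disk but are still running the old code, so they remain exposed until the browser is relaunched.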