Google Chrome Vulnerability: Here

Google Chrome Vulnerability: Here's How to Fix It

Google has discovered a Zero-Day Vulnerability [CVE-2019-5786] that is being exploited by bad actors. If you are a Chrome user, you are at risk. Make sure your browser has been updated to the latest patched version [72.0.3626.121], which fixes the vulnerability.

Google has discovered a Zero-Day Vulnerability [CVE-2019-5786] that is being exploited by bad actors. If you are a Chrome user, you are at risk. Make sure your browser has been updated to the latest patched version [72.0.3626.121], which fixes the vulnerability.

Google posted an update last week addressing security vulnerability that hackers were exploiting in the wild. “Google is aware of reports that an exploit for CVE-2019-5786 exists in the wild,” the report read.

Justin Schuh, Google Chrome's security lead and engineering director, warned users to immediately update Chrome browser after the critical bug was discovered. “Also, seriously, update your Chrome installs... like right this minute. #PSA,” Schuch tweeted.

The vulnerability, which affects the browser in Windows, Mac, and Linux, was reported by Clement Lecigne of Google’s Threat Analysis Group on February 27.

What are zero-day vulnerabilities?

A zero-day or 0day vulnerability is a bug or flaw in a code that has been discovered and disclosed but not yet patched. You can also call them unknown vulnerabilities, because they aren’t discovered by software vendors until the software has already been released.

Once a bug is discovered, software vendors have a very limited time (zero days) in which they need to fix the issue. Until they release a patch, it is considered a “zero day” vulnerability. If there is exploit code available for that vulnerability, it’s a “zero day” exploit, with “zero” referring to the number of days since a patch has been available to the public.

Why it is important to update your browser?

Google Chrome 72.0.3626.121 addresses CVE-2019-5786, a Use-After-Free (UAF) vulnerability in FileReader, an application programming interface (API) included in browsers to allow web applications to read the contents of files stored on a user’s computer.

How to update your Chrome browser

To patch this vulnerability, you just need to update your chrome browser by following these quick steps:

  1. Open your browser and type, chrome://settings/help
  2. Click Relaunch

After relaunch, Google will show you the updated version which is 72.0.3626.121

How to stay safe from future vulnerabilities

In the world of cyber criminals, you can’t be 100 percent safe. However, there are still some actions you can take immediately if the same thing happens in future with any software.

  1. Keep software and security patches up to date by downloading the latest software releases and updates.
  2. Keep your system up-to-date.
  3. Establish safe and effective personal online security habits.
  4. Configure security settings for your operating system.
  5. Install a proactive and comprehensive security software to help block known and unknown threats to vulnerabilities.

About the Author

Susan Alexandra is a small business owner, traveler and investor of cryptocurrencies.

Featured

  • Evolving Cybersecurity Strategies: Uniting Human Risk Management and Security Awareness Training

    Organizations are increasingly turning their attention to human-focused security approaches, as two out of three (68%) cybersecurity incidents involve people. Threat actors are shifting from targeting networks and systems to hacking humans via social engineering methods, living off human errors as their most prevalent attack vector. Whether manipulated or not, human cyber behavior is leveraged to gain backdoor access into systems. This mainly results from a lack of employee training and awareness about evolving attack techniques employed by malign actors. Read Now

  • Report: 1 in 3 Easily Exploitable Vulnerabilities Found on Cloud Assets

    CyCognito recently released new research highlighting critical security vulnerabilities across cloud-hosted assets, revealing that one in three easily exploitable vulnerabilities or misconfigurations are found on cloud assets. As organizations increasingly shift to multi-cloud strategies, the findings underscore significant security gaps that could provide attackers with potential footholds into networks. Read Now

  • Built for Today, Ready for Tomorrow

    Selecting the right VMS is critical for any organization that depends on video surveillance to ensure safety, security and operational efficiency. While many organizations focus on immediate needs such as budget and deployment size, let us review some of the long-term considerations that can significantly impact a VMS's utility and flexibility. Read Now

  • Paving the Way to Smart Buildings

    In today's rapidly evolving security landscape, the convergence of on-prem, edge and cloud technologies are critical. The physical security landscape is undergoing a profound transformation, driven by the rapid digitalization of buildings and the evolving needs of modern organizations. As the buildings sector pivots towards smart, AI and data-driven operations, the integration of both edge and cloud technology has become crucial. Read Now

  • The Cybersecurity Time Bomb

    If you work in physical security, you have probably seen it: a camera, access control system, or intrusion detection device installed years ago, humming along without a single update. It is a common scenario that security professionals have come to accept as "normal." But here is the reality: this mindset is actively putting organizations at risk. Read Now

New Products

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles.

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols.