<snip>

The attacks exploited CVE-2019-5786, a security flaw and the only patch included in the Chrome 72.0.3626.121 version, released last Friday, March 1, 2019.

According to an update to its original announcement and a tweet from Google Chrome's security lead, the patched bug was under active attacks at the time of the patch.

Google described the security flaw as a memory management error in Google Chrome's FileReader --a web API included in all major browsers that lets web apps read the contents of files stored on the user's computer.

More specifically, the bug is a use-after-free vulnerability, a type of memory error that happens when an app tries to access memory after it has been freed/deleted from Chrome's allocated memory. An incorrect handling of this type of memory access operation can lead to the execution of malicious code.

<snip>