Go Back  FlyerTalk Forums > Travel&Dining > Travel Technology
Reload this Page >

Google Chrome Urgent Security Alert

Google Chrome Urgent Security Alert

Old Mar 7, 19, 2:07 pm
  #1  
Moderator: Travel Safety/Security, Travel Tools, California, Los Angeles
Original Poster
 
Join Date: Dec 2009
Location: VNY | BUR | LAX
Programs: AAdvantage | MileagePlus
Posts: 11,786
Google Chrome Urgent Security Alert

Google reveals Chrome zero-day under active attacks

<snip>

The attacks exploited CVE-2019-5786, a security flaw and the only patch included in the Chrome 72.0.3626.121 version, released last Friday, March 1, 2019.

According to an update to its original announcement and a tweet from Google Chrome's security lead, the patched bug was under active attacks at the time of the patch.

Google described the security flaw as a memory management error in Google Chrome's FileReader --a web API included in all major browsers that lets web apps read the contents of files stored on the user's computer.

More specifically, the bug is a use-after-free vulnerability, a type of memory error that happens when an app tries to access memory after it has been freed/deleted from Chrome's allocated memory. An incorrect handling of this type of memory access operation can lead to the execution of malicious code.

<snip>
TWA884 is offline  

Thread Tools
Search this Thread