Go Back  FlyerTalk Forums > Travel&Dining > Travel Technology
Reload this Page >

Google Chrome Urgent Security Alert

Google Chrome Urgent Security Alert

Old Mar 7, 19, 2:07 pm
Moderator: Travel Safety/Security, Travel Tools, California, Los Angeles
Original Poster
Join Date: Dec 2009
Location: VNY | BUR | LAX
Programs: AAdvantage | MileagePlus
Posts: 11,786
Google Chrome Urgent Security Alert

Google reveals Chrome zero-day under active attacks


The attacks exploited CVE-2019-5786, a security flaw and the only patch included in the Chrome 72.0.3626.121 version, released last Friday, March 1, 2019.

According to an update to its original announcement and a tweet from Google Chrome's security lead, the patched bug was under active attacks at the time of the patch.

Google described the security flaw as a memory management error in Google Chrome's FileReader --a web API included in all major browsers that lets web apps read the contents of files stored on the user's computer.

More specifically, the bug is a use-after-free vulnerability, a type of memory error that happens when an app tries to access memory after it has been freed/deleted from Chrome's allocated memory. An incorrect handling of this type of memory access operation can lead to the execution of malicious code.

TWA884 is offline  

Thread Tools
Search this Thread