Google discovered a zero-day flaw in Google Chrome, one that could place users at risk. All users are urged to update their browsers as soon as possible. Google is keeping access to the bug details “restricted” so that the flaw cannot be exploited. More information should become available once most Chrome users have updated their browsers.
“Pursuant to Google’s vulnerability disclosure policy, when we discovered the vulnerability we reported it to Microsoft. Today, also in compliance with our policy, we are publicly disclosing its existence, because it is a serious vulnerability in Windows that we know was being actively exploited in targeted attacks,” declared Google’s Clement Lecigne, a member of Google’s threat analysis group.
Google also made sure to thank all the developers and researchers who helped create a fix for this bug. As it turns out, an exploit for the bug already exists, which makes it vital for users to update their browsers.
“Google is aware of reports that an exploit for CVE-2019-5786 exists in the wild.
We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel,” read the blog post.
The second vulnerability
The major Chrome flaw posed such a large risk because attackers were able to exploit it in conjunction with a Windows 7 vulnerability. The bad news is that the Windows flaw hasn’t been fixed yet. The vulnerability is a privilege escalation in the Windows win32k.sys kernel driver.
According to Google Chrome, this flaw can be exploited only on Windows 7, and all the exploits discovered so far existed only on 32-bit Windows 7 installations. This may limit the number of attacks, but it is important to remember that 38.4% of Windows users still use Windows 7.
Nora Reynolds is a major in biology and a minor in Biological Basis of Behavior, writing about science in general. She also likes to try new gadgets and sports about the AI new era.