USERS OF Google's Chrome browser have been advised to update it as a matter of urgency following the discovery of a 'high severity' zero-day flaw that's being actively exploited.
The flaw was uncovered by Clement Lecigne, a security engineer in Google's Threat Analysis Group. Classified as a use-after-free vulnerability, the flaw could enable attackers to conduct remote code execution attacks, taking full control of their targets' PCs.
While details of the security flaw were withheld - and continue to be - to prevent exploits from being developed, that does not appear to have prevented attackers from taking advantage of the discovery.
"The use-after-free vulnerability is a class of memory corruption bug that allows corruption or modification of data in memory, enabling an unprivileged user to escalate privileges on an affected system or software," according to Hacker News.
The vulnerability, in the FileReader component, "could enable unprivileged attackers to gain privileges on the Chrome web browser, allowing them to escape sandbox protections and run arbitrary code on the targeted system", the report continues.
"It appears that, to exploit this vulnerability, all an attacker needs to do is trick victims into just opening, or redirect them to, a specially-crafted webpage without requiring any further interaction."
A fix for the flaw has been shipped with the latest desktop (Windows, Mac, Linux, Chrome OS) and mobile versions of Chrome.
Desktop Chrome users are urged to upgrade to v72.0.3626.121, Android users to v72.0.3626.121, and Chrome OS users to v72.0.3626.122.