Warning over 'high severity' security flaw in Google's Chrome web browser being exploited in the wild

Users of Google's Chrome web browser have been advised to update it as a matter of urgency following the discovery of exploits in the wild for a 'high severity' security flaw publicised in February.

The security flaw was uncovered by Clement Lecigne, a security engineer in Google's Threat Analysis Group. Classified as a use-after-free vulnerability, the flaw could enable attackers to conduct remote code execution attacks, taking full control of their targets' PCs.

While details of the security flaw were withheld - and continue to be withheld - to prevent exploits from being developed, that does not appear to have prevented attackers from taking advantage of the discovery.

"The use-after-free vulnerability is a class of memory corruption bug that allows corruption or modification of data in memory, enabling an unprivileged user to escalate privileges on an affected system or software," according to Hacker News.

The vulnerability, in the FileReader component, "could enable unprivileged attackers to gain privileges on the Chrome web browser, allowing them to escape sandbox protections and run arbitrary code on the targeted system", the report continues.

"It appears to exploit this vulnerability, all an attacker needs to do is tricking victims into just opening, or redirecting them to, a specially-crafted webpage without requiring any further interaction."

A patch is already in the process of being rolled out and users have been urged to update Chrome as a matter of priority.
