Users of Google's Chrome web browser have been advised to update it as a matter of urgency following the discovery of exploits in the wild for a 'high severity' security flaw publicised in February.
The security flaw was uncovered by Clement Lecigne, a security engineer in Google's Threat Analysis Group. Classified as a use-after-free vulnerability, the flaw could enable attackers to conduct remote code execution attacks, taking full control of their targets' PCs.
While details of the security flaw were withheld - and continue to be withheld - to prevent exploits from being developed, that does not appear to have prevented attackers from taking advantage of the discovery.
"The use-after-free vulnerability is a class of memory corruption bug that allows corruption or modification of data in memory, enabling an unprivileged user to escalate privileges on an affected system or software," according to Hacker News.
The vulnerability, in the FileReader component, "could enable unprivileged attackers to gain privileges on the Chrome web browser, allowing them to escape sandbox protections and run arbitrary code on the targeted system", the report continues.
"It appears to exploit this vulnerability, all an attacker needs to do is trick victims into just opening, or redirecting them to, a specially-crafted webpage without requiring any further interaction."
A patch is already in the process of being rolled out and users have been urged to update Chrome as a matter of priority.