Google Chrome fixed a vulnerability that could enable an attacker to remotely run arbitrary code
Researchers discovered a high-risk security vulnerability on Google Chrome, and Google Chrome quickly released a new version of the bug fix. At present, Google Chrome has announced the details of this vulnerability, which can be used by attackers to carries the risk of escalated privileges on a machine and even execute malicious code. It is also true that Google Chrome released a new version shortly after the vulnerability is discovered. The latest version is the 72.0.3626.121 version.
The browser itself contains a file reading component, FileReader for reading files on the computer. Such as Google Chrome itself will also use the sandbox process isolation code to ensure security, if malicious code can escape from the sandbox, it will be dangerous. The vulnerability of this file reading component is that sandbox escape can be performed. Malicious code can exploit this vulnerability to execute malicious commands on the bottom of the system. This is why Google Chrome’s security executives disclosed this issue a few days after the new release, ensuring that the vast majority of users have been updated without being affected by the vulnerability.
On Google Chrome blog, “Google is aware of reports that an exploit for CVE-2019-5786 exists in the wild. We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.”