Google warns that hackers are exploiting Windows 7 & Chrome zero-day vulnerability
On March 7, Google issued a notice to disclose the existence of a Microsoft Windows vulnerability. Google said the local privilege vulnerability could be used in conjunction with the Google Chrome browser vulnerability (CVE-2019-5786) that was revealed last week to control the victim’s machine. Since Google discovered that the related attacks have been exploited in the wild, it was decided to disclose this information and issues a warning to users. At present, Chrome has pushed automatic updates to fix the above vulnerabilities, and Windows is still preparing related vulnerability patches. According to Google, Windows vulnerabilities only affect WIN7 32bit systems.
Affected version
- Google Chrome < 72.0.3626.121
- Win7 32bit system
Solution
Google Chrome users should update to the secure version as soon as possible.
Google researchers said that before Microsoft fixes, the vulnerability can still be used to escalate or use with other browser vulnerabilities to achieve sandbox escape, so users are advised to use the latest version of Windows 10, and when the patch is published by Microsoft.