Skip to main content

Google fixes Chrome zero-day exploit, security update rolling out to Mac, Windows, Android, & Chrome OS

After releasing an incremental update for Chrome on Mac, Windows, and Linux last Friday, Google revealed yesterday that it addresses a zero-day exploit. The company’s security team advises users to update Chrome on all platforms immediately as there is evidence of a malicious party actively using the attack.

Google released (via ZDNet) Chrome 72.0.3626.121 for Mac, Linux, and Windows on Friday. However, it was only yesterday that the company publicized that CVE-2019-5786 was “High” severity and a zero-day.

[$N/A][936448] High CVE-2019-5786: Use-after-free in FileReader. Reported by Clement Lecigne of Google’s Threat Analysis Group on 2019-02-27

In computer parlance, a zero-day is an exploit that the software vendor is not aware of — and therefore did not have time to address — until it’s publicized. This particular attack involves the FileReader API that allows websites to read local files, while the “Use-after-free” class of vulnerabilities — at worse — allows for execution of malicious code.

Google’s internal Threat Analysis Group first caught wind of the exploit on Wednesday, February 27th, which was apparently being used by nefarious actors when the Chrome update was released.

Users are being advised to update Chrome across all platforms. A new version of Chrome for Android was released shortly after the desktop version on Friday, while Chrome OS was patched on Tuesday.

Mac, Windows, and Linux users can head to chrome://settings/help to manually initiate the download if it has yet to be pushed to a device. Once complete, Chrome will alert users to finish the process and restart the browser. It otherwise updates the next time users close the desktop application.

The update process is similar on Chrome OS, while Android users can visit the Play Store where the new version is still rolling out.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Check out 9to5Google on YouTube for more news:



Avatar for Abner Li Abner Li

Editor-in-chief. Interested in the minutiae of Google and Alphabet. Tips/talk: