Vulnerability Summary

Google Chrome could allow a remote malicious user to execute arbitrary code on the system, caused by a use-after-free in FileReader. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system.

Vendor Advisories

Synopsis: Important: chromium-browser security update. Type/Severity: Security Advisory: Important. Topic: An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability S ...

Clement Lecigne discovered a use-after-free issue in chromium's file reader implementation. A maliciously crafted file could be used to remotely execute arbitrary code because of this problem. This update also fixes a regression introduced in a previous update. The browser would always crash when launched in remote debugging mode. For the stable di ...

Arch Linux Security Advisory ASA-201903-1
=========================================
Severity: High
Date    : 2019-03-02
CVE-ID  : CVE-2019-5786
Package : chromium
Type    : arbitrary code execution
Remote  : Yes
Link    : security.archlinux.org/AVG-916

Summary
=======
The package chromium before version 72.0.3626.121-1 is vulnerable to a ...

A use-after-free issue has been found in the FileReader component of the chromium browser before 72.0.3626.121 ...

The stable channel has been updated to 72.0.3626.121 for Windows, Mac, and Linux, which will roll out over the coming days/weeks. Security Fixes and Rewards. Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library th ...

Mailing Lists

Debian Security Advisory DSA-4404-1, security@debian.org, www.debian.org/security/, Michael Gilbert, March 09, 2019, www.debian.org/security/faq ...

Github Repositories

Note: Due to the recent bug found in Chrome, CVE-2019-5786, I recommend not using the CEF or Master branch until CEFSharp can get its latest version up to at least the current version. I will not be providing updates on the Nuget packages in my programs reliably, so it is up to you to keep your applications up to date. www.forbes.com/sites/daveywinder/2019/03/07/google-co

Recent Articles

Microsoft Patches Two Win32k Bugs Under Active Attack
Threatpost • Tom Spring • 12 Mar 2019

Microsoft released patches for two Win32k bugs actively under attack, along with fixes for four additional bugs that are publicly known, as part of its March Patch Tuesday security bulletin. The Win32k bugs are both elevation of privilege vulnerabilities, rated important, and tied to the way Windows handles objects in memory.
“An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete...

Put down the cat, coffee, beer pint, martini, whatever you're holding, and make sure you've updated Chrome (unless you enjoy being hacked)
The Register • Shaun Nichols in San Francisco • 07 Mar 2019

Plus: Security sandbox escape vuln in 32-bit Windows 7 boxes exploited

Updated If Google Chrome is bugging you to update it right now, please stop what you're doing, and get that upgrade.
The latest version fixes a security vulnerability (CVE-2019-5786) that can be potentially exploited by malicious webpages to hijack the software, and run spyware, ransomware, and other nasties on your device or machine.
According to Googler Abdul Syed, the ads giant is "aware of reports that an exploit for CVE-2019-5786 exists in the wild," meaning criminals and other ...

Latest Chrome update plugs a zero-day hole
welivesecurity • Tomáš Foltýn • 07 Mar 2019

Google has revealed that the update for Google Chrome, rolled out late last week, addressed a security hole that attackers were already exploiting in the wild.
“Google is aware of reports that an exploit for CVE-2019-5786 exists in the wild,” the company noted in an update on Tuesday after initially releasing the advisory last Friday. Also on Tuesday, a tweet by leading Chrome security engineer Justin Schuh added urgency to the issue: “[Like], seriously, update your Chrome installs...