A new zero-day vulnerability in Google Chrome is being actively exploited in attacks in the wild. The vulnerability was discovered in late February by Clement Lecigne, a security researcher at the Google Threat Analysis Group.
The high-severity zero-day flaw in Chrome could be exploited by a remote attacker to execute arbitrary code and take full control of the target computer. The Chrome browser vulnerability is currently tracked as CVE-2019-5786. The security issue resides in the web browsing software and impacts all major operating systems, including Windows, Apple Mac OS, and Linux. Google confirmed that the zero-day Remote Code Execution (RCE) vulnerability is being actively exploited in the wild by threat actors. The security advisory published by Google states:
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed. Google is aware of reports that an exploit for CVE-2019-5786 exists in the wild.”
“We strongly believe this vulnerability may only be exploitable on Windows 7 due to recent exploit mitigations added in newer versions of Windows.”
“To date, we have only observed active exploitation against Windows 7 32-bit systems.”
Our recommendation is that you update Google Chrome immediately to the latest version of the web browsing application. As mitigation advice for this vulnerability, users should consider upgrading to Windows 10 if they are still running an older version of Windows. Unsupported software, especially operating systems and browser applications, must not be used on computers that have an Internet connection. We also suggest that networks, endpoints and critical systems be closely monitored.