Google’s Threat Analysis Group discovered in late February a zero-day vulnerability (CVE-2019-5786) that exists in Google Chrome. There are reports that there is an exploit that currently exists in the wild. It is critical that all instances of Google Chrome are updated to the latest version that was released at the beginning of March 2019. This update remediates the vulnerability and secures your Chrome browser.
While Google has not revealed the details of the vulnerability, it is described as “a use-after-free vulnerability in the FileReader component of the Chrome Browser” (Security Affairs). The FileReader permits various web application to read the contents of files residing on a computer. Google Chrome is designed to essentially function as a sandbox, or a system in which all activities are contained therein, including many web exploits. However, it is necessary for Chrome to be able to reach into the computer system for various functionality. It is believed that this vulnerability allows the attacker to break out of the sandbox and access the full computer system. ZDNet adds the following:
A use-after-free vulnerability (is) a type of memory error that happens when an app tries to access memory after it has been freed/deleted from Chrome’s allocated memory. An incorrect handling of this type of memory access operation can lead to the execution of malicious code.
As mentioned, there are reports that an exploit for this vulnerability is active in the wild. This has not been confirmed publicly and we do not yet know what it is or how it operates. However, once this information is disclosed we will both inform you and update our rules and alerts to discover any activity affecting our customers.
IMPACT AND REMEDIATION
Google updated Chrome on March 1st with version 72.0.3626.121. Updating your Chrome instance will effectively patch this vulnerability and keep you safe. It is possible that your Chrome auto-updated. To check the latest version open Chrome and in your Chrome address bar, type: “chrome://settings/help”. This will tell you the version you have installed and if it is up to date. Confirm that it says “Version 72.0.3626.121”. If it does not, it should prompt you to update.
SECURITY ON-DEMAND ACTIONS
We are actively monitoring the developments around this vulnerability. As there are no technical details regarding both the vulnerability itself and the reported exploit that exists, we are unable to build rules or task indicators directly tied to this. However, our 24/7 SOC is aware of this vulnerability and are actively monitoring and searching for any anomalous behaviors that may be occurring on our customers’ networks. Once details emerge, we will immediately apply the rules and indicators as well as go back through our customers’ recent data to see if you were affected previously.
About Security On-Demand’s Threat Reconnaissance Unit
This Threat Assessment Report is being provided to you as a service of Security On-Demand’s Threat Reconnaissance Unit or “TRU”. The mission of SOD’s Threat Recon Unit is to provide market education, “pre-threat” posture recommendations, intelligence gathering/correlation, and analysis of attack trends that impact businesses worldwide.
About the Author
Steven Bay spent 12 years at the National Security Agency as a cyber-intelligence analyst. After the NSA he has worked across the private sector providing cybersecurity services as a consultant, CISO, and designing and building security programs and conducting incident response on some of the nations largest data breaches. He is currently the Director of the Threat Reconnaissance Unit at Security On-Demand.