Google reveals Chrome zero-day under active attacks

Topic

New Reply

Google Chrome users are advised to use the browser’s built-in update tool to trigger an update to 72.0.3626.121 version [released last Friday, March 1, 2019]. Users should do this right now, especially when the advice comes from Google Chrome’s security lead.
Google reveals Chrome zero-day under active attacks

Windows 11 Pro version 22H2 build 22621.1485 + Microsoft 365 + Edge

5 users thanked author for this post.

abbodi86, Microfix, Kirsty, satrow, Elly

Reply | Quote

Replies

Don’t use Chrome in particular but do use a browser that uses the Chromium engine.  And to think Microsoft soon wants Edge to use the Chromium engine too.  What a joke.   As for me, I’ll continue use double sandboxed protection.   It’s been protecting my systems for over a decade and without a hitch.   🙂

Reply | Quote

Yeah I do not doubt C & C++ could be part of the problem, but people still type those code lines. 😉

Reply | Quote

Put down the cat, coffee, beer pint, martini, whatever you’re holding, and make sure you’ve updated Chrome (unless you enjoy being hacked)
Plus: Sandbox escape vuln in 32-bit Windows 7 boxes exploited

By Shaun Nichols | 7 Mar 2019

 
Updated If Google Chrome is bugging you to update it right now, please stop what you’re doing, and get that upgrade.
…
Updated to add

In a blog post today, Google has revealed a few more details, here. It also warns that it has discovered “a local privilege escalation in the Windows win32k.sys kernel driver that can be used as a security sandbox escape,” that primarily affects Windows 7. Security defenses in modern Windows editions block exploitation attempts.

Google has spotted active attacks leveraging this privilege escalation flaw against 32-bit Windows 7 systems. Microsoft is still working on a patch for this bug, so stay tuned for an update soon. Or upgrade to Windows 10, ChromeOS, Linux… take your pick.

 
Read the full article here

1 user thanked author for this post.

Elly

Reply | Quote

Both in my PC and my Mac, Chrome is set to update automatically every time I use it, which is not every day, but occasionally, when visiting certain Web sites that “prefer” being contacted with it rather than with other browsers.

Today, after I got an email about this problem (as I’m subscribed to the Forum where this thread is located) I started Chrome and checked the version it was running: it was already updated and running the new and safer version.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

b wrote:

Google Chrome users are advised to use the browser’s built-in update tool to trigger an update to 72.0.3626.121 version [released last Friday, March 1, 2019].

Stable Channel Update for Chrome OS
Tuesday, March 5, 2019
The Stable channel has been updated to 72.0.3626.122 (Platform version: 11316.165.0) for most Chrome OS devices. This build contains a number of bug fixes, security updates and feature enhancements. A list of changes can be found here, including a fix for CVE-2019-5786.

1 user thanked author for this post.

Elly

Reply | Quote