• Google reveals Chrome zero-day under active attacks

    Home » Forums » Cyber Security Information and Advisories » Code Red – Security/Privacy advisories » Google reveals Chrome zero-day under active attacks

    Tags:

    Author
    Topic
    b
    AskWoody_MVP
    March 6, 2019 at 11:00 pm #338390

    Google Chrome users are advised to use the browser’s built-in update tool to trigger an update to 72.0.3626.121 version [released last Friday, March 1, 2019]. Users should do this right now, especially when the advice comes from Google Chrome’s security lead.
    Google reveals Chrome zero-day under active attacks

    5 users thanked author for this post.
    abbodi86, Microfix, Kirsty, satrow, Elly
    Reply | Quote
    Viewing 3 reply threads
    Author
    Replies
    • lylejk
      AskWoody Plus
      March 7, 2019 at 11:42 am #338581

      Don’t use Chrome in particular but do use a browser that uses the Chromium engine.  And to think Microsoft soon wants Edge to use the Chromium engine too.  What a joke.   As for me, I’ll continue use double sandboxed protection.   It’s been protecting my systems for over a decade and without a hitch.   🙂

      Reply | Quote
    • anonymous
      Guest
      March 7, 2019 at 12:34 pm #338621

      Yeah I do not doubt C & C++ could be part of the problem, but people still type those code lines. 😉

      Reply | Quote
    • Kirsty
      Manager
      March 7, 2019 at 3:37 pm #338726

      Put down the cat, coffee, beer pint, martini, whatever you’re holding, and make sure you’ve updated Chrome (unless you enjoy being hacked)
      Plus: Sandbox escape vuln in 32-bit Windows 7 boxes exploited

      By Shaun Nichols | 7 Mar 2019

       
      Updated If Google Chrome is bugging you to update it right now, please stop what you’re doing, and get that upgrade.

      Updated to add

      In a blog post today, Google has revealed a few more details, here. It also warns that it has discovered “a local privilege escalation in the Windows win32k.sys kernel driver that can be used as a security sandbox escape,” that primarily affects Windows 7. Security defenses in modern Windows editions block exploitation attempts.

      Google has spotted active attacks leveraging this privilege escalation flaw against 32-bit Windows 7 systems. Microsoft is still working on a patch for this bug, so stay tuned for an update soon. Or upgrade to Windows 10, ChromeOS, Linux… take your pick.

       
      Read the full article here

      1 user thanked author for this post.
      Elly
      Reply | Quote
      • OscarCP
        Member
        March 7, 2019 at 3:55 pm #338732

        Both in my PC and my Mac, Chrome is set to update automatically every time I use it, which is not every day, but occasionally, when visiting certain Web sites that “prefer” being contacted with it rather than with other browsers.

        Today, after I got an email about this problem (as I’m subscribed to the Forum where this thread is located) I started Chrome and checked the version it was running: it was already updated and running the new and safer version.

        Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

        MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
        Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
        macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

        Reply | Quote
    • Kirsty
      Manager
      March 7, 2019 at 5:06 pm #338756
      b wrote:

      Google Chrome users are advised to use the browser’s built-in update tool to trigger an update to 72.0.3626.121 version [released last Friday, March 1, 2019].


      Stable Channel Update for Chrome OS
      Tuesday, March 5, 2019
      The Stable channel has been updated to 72.0.3626.122 (Platform version: 11316.165.0) for most Chrome OS devices. This build contains a number of bug fixes, security updates and feature enhancements. A list of changes can be found here, including a fix for CVE-2019-5786.

      1 user thanked author for this post.
      Elly
      Reply | Quote
    Viewing 3 reply threads
    Reply To: Google reveals Chrome zero-day under active attacks

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information:




DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    April 2025
    S M T W T F S
     12345
    6789101112
    13141516171819
    20212223242526
    27282930  

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.