Google Chrome’s Highly Sensitive Exploit found by Google Project Zero
Google Project Zero is recently involving revealing bugs. They have recently found an exploit in Apple’s MacOS software and also were involved in disabling a feature in Android TV because of a bug. But now the project zero team has found one of the most used applications of PCs and Android smartphones – Google Chrome. They recommended upgrading Chrome as soon as possible.
For those who don’t know anything about Google Project Zero – it is a team of security analyst created by Google to find zero-day vulnerabilities, bugs and other issues of a new or updated software. Read more about Google Project Zero here.
What was the exploit about
The exploit uses ‘Use-after-free’ vulnerability in the FileReader API. When someone allows a website to read local files, this will let hackers execute malicious codes in the devices. This exploit is so sensitive that Chrome developers are requesting users to update Chrome as soon as possible. Justin Schuh, the head of Google Chrome Security and Desktop division, tweeted about this exploit as well and urged users to update to stay safe from data leak from their computers.
Last week we got to deal with a real 0day chain and a faux 0day at the same time. I wonder which one will get more attention? ? https://t.co/DfeyoB7geY
— Justin Schuh ? (@justinschuh) March 6, 2019
The fix has already been fixed with Chrome 72.0.3626.1221 for Mac, Windows, Linux. The updates are also available for ChromeOS and Android users.
To update Chrome you need head to the three-dot dropdown menu at the top right corner of Google Chrome. Then head to help and from there to About Google Chrome. There use the Update button to update the browser.
The Exploit of MacOS explored by Google
Recently Google Project zero made a flaw of macOS public 90 days after informing Apple. This exploit named ‘BuggyCow’ is a bug that should not be widespread. However, Apple has not addressed the issue yet and also not rolled out an update to fix it. This exploit can be used to dump malicious data deep inside macOS.