Security advisories

Chrome Zero-day CVE-2019-5786

March 7, 2019 | 1 MIN READ

Speak With A Security Expert Now

TALK TO AN EXPERT

On March 5th Google announced a zero-day vulnerability affecting the Google Chrome Browser [1]. Google released a security update to address the issue on March 1st, but confirmed that the vulnerability was exploited in the wild prior to patch release. All major operating systems including Windows, MacOS, and Linux are affected. Available endpoint telemetry across eSentire customers indicates vulnerable versions of Chrome are still widely in use. It is highly recommended to update Chrome as soon as is feasible.

What are we doing about it

What you should do about it

Additional information

CVE-2019-5786 was first discovered in late February by security researcher Clement Lecigne. The vulnerability resides in Google Chrome's FileReader API. When exploited a remote and unauthenticated threat actor could execute malicious code, which escapes from the in Chrome security sandbox and executes on the host machine.

Technical details on CVE-2019-5786 remain minimal at this time as Google will not release additional details until the majority of users have implemented the security patch.

References:

[1] https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop.html

View Most Recent Advisories