Chrome code execution – CVE-2019-5869


SYSTEMS AFFECTED

  • Google Chrome versions prior to 76.0.3809.132

 

THREAT LEVEL

  • Medium

OVERVIEW

A vulnerability has been discovered in Google Chrome, which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of this vulnerability could have less impact than if it was configured with administrative rights.

DESCRIPTION

This vulnerability is a use-after-free vulnerability in Blink that can be exploited if a user visits, or is redirected to, a specially crafted web page.

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of the browser, obtain sensitive information, bypass security restrictions and perform unauthorized actions, or cause denial-of-service conditions.

SOLUTION

  • Update to the latest stable version of Chrome
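
To confirm which machines still need the update, the following added example (not part of the original advisory) triages a software inventory against the fixed version listed under SYSTEMS AFFECTED. The inventory rows and function names are constructed for illustration; versions are compared numerically because a plain string comparison would rank 76.0.3809.99 above 76.0.3809.132.

```python
# Added example: flag hosts whose Chrome build predates the fixed release.
import re

FIXED = (76, 0, 3809, 132)  # first non-affected version, per SYSTEMS AFFECTED

# Constructed sample inventory: (hostname, version string as reported).
SAMPLE_INVENTORY = [
    ("ws-01", "76.0.3809.132"),
    ("ws-02", "76.0.3809.100"),
    ("ws-03", "Google Chrome 75.0.3770.142"),
    ("ws-04", "77.0.3865.75"),
    ("ws-05", "76.0.3809.99"),   # numerically below .132 despite "99" > "132" as text
    ("ws-06", "unknown"),
]

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the four-part Chrome version as a tuple of ints, or None."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def is_affected(text):
    """True if below FIXED, False if at or above it, None if unparseable."""
    version = parse_version(text)
    if version is None:
        return None
    return version < FIXED  # tuple comparison is element-wise and numeric


def triage(inventory):
    """Split an inventory into affected, patched and unknown host lists."""
    result = {"affected": [], "patched": [], "unknown": []}
    for host, version in inventory:
        status = is_affected(version)
        key = "unknown" if status is None else ("affected" if status else "patched")
        result[key].append(host)
    return result


if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Hosts in the unknown bucket reported no parseable version and should be checked by hand rather than assumed patched.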

 

REFERENCE

  1. https://www.moneycontrol.com/news/trends/new-security-vulnerability-discovered-in-google-chrome-allows-hackers-to-access-sensitive-user-data-4400411.html
  2. https://chromereleases.googleblog.com/2019/08/stable-channel-update-for-desktop_26.html
  3. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5869

CREDITS

@Office of Information Technology Services

DISCLAIMER

The information provided herein is on an “as is” basis, without warranty of any kind.
