Users are advised to update their Google Chrome browser asap on all devices to the latest version, 72.0.3626.121. The security issue patched by this update is is a zero-day vulnerability, rated as “high severity” and “Google is aware of reports that an exploit for CVE-2019-5786 exists in the wild.” Please note that all previous versions of Google Chrome are vulnerable to attacks exploiting CVE-2019-5786.
The security issue is a use-after-free-flaw or a memory mismanagement bug in the browser FileReader API designed to allow the browser to access and read locally stored files, which could potentially allow an attacker to execute arbitrary code and take over a device, or trigger a denial of service. Possible exploit consequences include data deletion and the installation of malware.
To manually update Google Chrome on a Mac:
- Open Google Chrome
- Click Chrome, About Google Chrome
- You will see the current version of Google Chrome running. Click Relaunch to apply any available update.
- Following a relaunch, you will see the following, informing you that Google Chrome is up to date.
- For instructions on how to manually update Google Chrome on a PC, see: https://support.google.com/chrome/answer/95414?co=GENIE.Platform%3DDesktop&hl=en
- For instructions on how to manually update Google Chrome on an Android device, see: https://support.google.com/chrome/answer/95414?co=GENIE.Platform%3DAndroid&hl=en&oco=1
- For instructions on how to manually update Google Chrome on an iPhone/iPad, see: https://support.google.com/chrome/answer/95414?co=GENIE.Platform%3DiOS&hl=en&oco=1