Google has released a new stable version of its Internet surfing software equipped
with a patch for a zero-day vulnerability that is reportedly being exploited in
the wild. The flaw, if exploited, can allow an attacker to gain full access to the
Last month, Clement Lecigne of Google’s Threat Analysis Group revealed that Chrome suffered from a “use-after-free” vulnerability (CVE-2019-5786) in the FileReader component of the Chrome browser. FileReader is an API that lets web applications asynchronously read the contents of files (or raw data buffers) stored on the user’s computer, using File or Blob objects to specify the file or data to read. A bad actor leveraging the use-after-free flaw can perform remote code execution attacks.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google says in a blog post. “We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”
The Internet giant says it is aware of reports that an exploit for this
vulnerability exists in the wild. The flaw is present in all desktop versions
of Chrome (Windows, macOS, Linux).
As Google itself said in the above citation, the technicalities are still under
tight wraps until enough people apply the patch, which can be found in the Help
menu – About Google Chrome. If you don’t know where that is, just paste this
path – chrome://settings/help – in your browser’s URL bar and hit Enter. At the
end of the updating process, your browser should be at version 72.0.3626.121 or
higher. Get patching!
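For administrators who need to check more than one machine against the 72.0.3626.121 build mentioned above, here is an added example (not part of the original article) that sorts an inventory of reported Chrome versions into patched, unpatched and unknown. The "host,version string" inventory format and the host names are constructed for illustration.

```python
import re

# Fixed build named in the article: anything lower still carries CVE-2019-5786.
PATCHED = (72, 0, 3626, 121)

# A four-part dotted version that is not embedded in a longer dotted number.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_patched(text):
    """True/False for a parseable version; None when no version is present."""
    version = parse_version(text)
    # Tuples of ints compare numerically per component, so 99 < 121.
    # Comparing the raw strings would wrongly rank "...99" above "...121".
    return None if version is None else version >= PATCHED


def audit(inventory_lines):
    """Group hosts from 'host,version string' lines by patch status."""
    result = {"patched": [], "unpatched": [], "unknown": []}
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, reported = line.partition(",")
        status = is_patched(reported)
        key = "unknown" if status is None else ("patched" if status else "unpatched")
        result[key].append(host.strip())
    return result


# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE = [
    "ws-01,Google Chrome 72.0.3626.121",
    "ws-02,Google Chrome 72.0.3626.119",
    "ws-03,72.0.3626.99",
    "ws-04,Google Chrome 73.0.3683.75",
    "ws-05,Google Chrome 71.0.3578.98",
    "ws-06,not installed",
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts in the unknown group reported no parseable version and need a manual look rather than being counted as safe.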