Google says Chrome on Windows combo zero-day exploited in the wild


Full details of Chrome bug not yet revealed.

Google is warning that two zero-day flaws are being actively exploited in attacks against its Chrome web browser running on Microsoft's Windows operating system, and advises users to update their installations as soon as possible.

Chrome security lead Justin Schuh said the current chained exploits differ from past attacks as they target the web browser code directly, and not plugins.

This means that unless users manually restart their browsers after updating them, they could still be vulnerable.

Full details of the Chrome CVE-2019-5786 flaw are still under wraps, but it involves a use-after-free memory bug in the FileReader application programming interface.

FileReader allows websites to access local files on computers, and a use-after-free vulnerability could allow attackers to execute arbitrary code on users' machines.

The second part of the attack chain comprises a local privilege escalation vulnerability in the Windows kernel driver (win32k.sys).

Clement Lecigne of Google's Threat Analysis Group said the vulnerability is a NULL pointer dereference in win32k!MNGetpItemFromIndex when the NtUserMNDragOver() system call is called under specific circumstances.

This can be used by malicious code to escape the security sandbox, but Google strongly believes the vulnerability is only exploitable on the older Windows 7.

To date, Google said it has only seen active exploitation of the flaw against Windows 7 32-bit.

Google has reported the vulnerability to Microsoft, which is working on a fix.

To mitigate the win32k.sys privilege escalation vulnerability, Google suggests users consider upgrading to Windows 10, and apply patches from Microsoft when they become available.
