topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday March 28, 2024, 6:25 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Serious Chrome zero-day – Google says update “right this minute” (06 MAR 2019)  (Read 8084 times)

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 9,747
    • View Profile
    • Read more about this member.
    • Donate to Member
Details are scarce as it seems Google is withholding information until more people have had a chance to update to a version of Chrome which doesn't have the vulnerability. This is the most specific information I found:

According to the official release notes, this vulnerability involves a memory mismanagement bug in a part of Chrome called FileReader.

That’s a programming tool that makes it easy for web developers to pop up menus and dialogs asking you to choose from a list of local files, for example when you want to pick a file to upload or an attachment to add to your webmail.

When we heard that the vulnerability was connected to FileReader, we assumed that the bug would involve reading from files you weren’t supposed to.

Ironically, however, it looks as though attackers can take much more general control, allowing them to pull off what’s called Remote Code Execution, or RCE.

RCE almost always means a crooks can implant malware without any warnings, dialogs or popups.

Just tricking you into looking at a booby-trapped web page might be enough for crooks to take over your computer remotely.

I'm curious if this affects all Chromium-based browsers. :-\

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,646
    • View Profile
    • Donate to Member
After reading this article: https://thehackernew...gle-chrome-hack.html

I'd be inclined to err on the side of yes ... As it seems to be baked in at a fairly low - likely to be shared - level.

hamradio

  • Charter Honorary Member
  • Joined in 2006
  • ***
  • Posts: 825
  • Amateur Radio Guy
    • View Profile
    • HamRadioUSA.net
    • Read more about this member.
    • Donate to Member
For Vivaldi you can do: vivaldi://settings/help

The latest version of Vivaldi which uses Chromium for me shows: 72.0.3626.122

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 9,747
    • View Profile
    • Read more about this member.
    • Donate to Member
For Vivaldi you can do: vivaldi://settings/help

The latest version of Vivaldi which uses Chromium for me shows: 72.0.3626.122

Then it sounds like Vivaldi has been patched. :Thmbsup:

the version you want is 72.0.3626.121 [or newer], released at the start of March 2019.

skwire

  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 5,286
    • View Profile
    • Donate to Member
The latest version of Vivaldi which uses Chromium for me shows: 72.0.3626.122

Do a manual update from the "Help > Check for Updates..." menu item.  Latest Chromium version is 73.0.3683.67.

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 9,747
    • View Profile
    • Read more about this member.
    • Donate to Member
Manual update tells me I'm on the latest version of Vivaldi (2.3.1440.60), where Help -> About tells me it's using Chrome/72.0.3626.122. :huh:

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,186
    • View Profile
    • Donate to Member
https://www.donation...=35862.msg428264#new

The original link (posted there) is https://chromereleas...ate-for-desktop.html.  They tell the issue number, but when you try to go there, it's blocked from general view.

And I didn't even think about updating Brave and Vivaldi.  Thanks for the reminder!

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Thanks for posting this, I've blogged it so other see it.  :up:

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 9,747
    • View Profile
    • Read more about this member.
    • Donate to Member
https://www.donation...=35862.msg428264#new

Thanks for posting that link. I didn't see it because I've ignored that thread because I rarely find its contents "interesting" to me. :-[

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,186
    • View Profile
    • Donate to Member
I ignore it quite a bit also, but happened to catch that one  :Thmbsup:

hamradio

  • Charter Honorary Member
  • Joined in 2006
  • ***
  • Posts: 825
  • Amateur Radio Guy
    • View Profile
    • HamRadioUSA.net
    • Read more about this member.
    • Donate to Member
The latest version of Vivaldi which uses Chromium for me shows: 72.0.3626.122

Do a manual update from the "Help > Check for Updates..." menu item.  Latest Chromium version is 73.0.3683.67.


Vivaldi is a little behind in the Chromium versions I just wanted to see if it was above the zero-day version.

As it is why I said what I did and also what deo said later...

For Vivaldi you can do: vivaldi://settings/help

The latest version of Vivaldi which uses Chromium for me shows: 72.0.3626.122

Manual update tells me I'm on the latest version of Vivaldi (2.3.1440.60), where Help -> About tells me it's using Chrome/72.0.3626.122. :huh:

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member