ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > General Software Discussion

Serious Chrome zero-day – Google says update “right this minute” (06 MAR 2019)

(1/3) > >>

Deozaan:
Details are scarce as it seems Google is withholding information until more people have had a chance to update to a version of Chrome which doesn't have the vulnerability. This is the most specific information I found:

According to the official release notes, this vulnerability involves a memory mismanagement bug in a part of Chrome called FileReader.

That’s a programming tool that makes it easy for web developers to pop up menus and dialogs asking you to choose from a list of local files, for example when you want to pick a file to upload or an attachment to add to your webmail.

When we heard that the vulnerability was connected to FileReader, we assumed that the bug would involve reading from files you weren’t supposed to.

Ironically, however, it looks as though attackers can take much more general control, allowing them to pull off what’s called Remote Code Execution, or RCE.

RCE almost always means a crooks can implant malware without any warnings, dialogs or popups.

Just tricking you into looking at a booby-trapped web page might be enough for crooks to take over your computer remotely.
-https://nakedsecurity.sophos.com/2019/03/06/serious-chrome-zero-day-google-says-update-right-this-minute/
--- End quote ---

I'm curious if this affects all Chromium-based browsers. :-\

Stoic Joker:
After reading this article: https://thehackernews.com/2019/03/update-google-chrome-hack.html

I'd be inclined to err on the side of yes ... As it seems to be baked in at a fairly low - likely to be shared - level.

hamradio:
For Vivaldi you can do: vivaldi://settings/help

The latest version of Vivaldi which uses Chromium for me shows: 72.0.3626.122

Deozaan:
For Vivaldi you can do: vivaldi://settings/help

The latest version of Vivaldi which uses Chromium for me shows: 72.0.3626.122
-hamradio (March 07, 2019, 09:53 AM)
--- End quote ---

Then it sounds like Vivaldi has been patched. :Thmbsup:

the version you want is 72.0.3626.121 [or newer], released at the start of March 2019.-https://nakedsecurity.sophos.com/2019/03/06/serious-chrome-zero-day-google-says-update-right-this-minute/
--- End quote ---

skwire:
The latest version of Vivaldi which uses Chromium for me shows: 72.0.3626.122-hamradio (March 07, 2019, 09:53 AM)
--- End quote ---

Do a manual update from the "Help > Check for Updates..." menu item.  Latest Chromium version is 73.0.3683.67.

Navigation

[0] Message Index

[#] Next page

Go to full version