Google has warned owners of Windows, Mac and Linux computers that they must update their Google Chrome browser immedatly after a 0-day exploit was found and has existed since launch. The exploit was classed as “Severity: High” and Google has warned that this Remote Code Execution exploit is actively being exploited in the wild by attackers targetting Google Chrome users.
The exploit was discovered by Clement Lecigne who works for the Google Threat Analysis Group and reported that the high severity vulnerability in Chrome could allow attackers to execute arbitrary code on a target machine and potentially take full control of the target.
Currently, access to the bug details and links have been restricted until more users have updated their browsers with the fix. They will also futher restrict access to details if the bug exists in other third party libraries until they have been updated.
The exploit is a “Use After Free” vulnerability which is a type of memory corruption flaw that can be leveraged by hackers to execute code. It specifically tries to access memory after it has been freed, which causes the program to crash or result in the execution of arbitary code or even full remote code execution. In Google Chrome, this exploit lies in the FileReader component.
FileReader is a standard API desigbned to allow web applications to read the contents of files on a users computer. The use after free vulnerability in this component could enable a unprivileged attack to gain privleges on the Chrome web browser and then allow them to escape sandbox protections and run code on the targeted system.