Google Chrome updated to fix remote code execution bug

Posted on Tuesday, September 03 2019 @ 10:36 CEST by Thomas De Maesschalck
GOOG logo
A couple of days ago, Google rolled out an emergency update for the Chrome browser. Users are recommended to install the update as soon as possible as it resolves an arbitrary code execution vulnerability that can be triggered by visiting a malicious website.
A vulnerability has been discovered in Google Chrome which could result in arbitrary code execution. This vulnerability is a use-after-free vulnerability in Blink that can be exploited if a user visits, or is redirected to, a specially crafted web page.

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of the browser, obtain sensitive information, bypass security restrictions and perform unauthorized actions, or cause denial-of-service conditions.

Depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights.
The bug is in the Blink open-source rendering engine, which means that other browsers that are based on Chromium are also vulnerable. For example, this includes the new Microsoft Edge browser.

Via: MSPowerUser


About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.



Loading Comments