A couple of days ago, Google rolled out an emergency update for the Chrome browser. Users are recommended to install the update as soon as possible as it resolves an arbitrary code execution vulnerability that can be triggered by visiting a malicious website.
A vulnerability has been discovered in Google Chrome which could result in arbitrary code execution. This vulnerability is a use-after-free vulnerability in Blink that can be exploited if a user visits, or is redirected to, a specially crafted web page.
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of the browser, obtain sensitive information, bypass security restrictions and perform unauthorized actions, or cause denial-of-service conditions.
Depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights.
The bug is in the Blink open-source rendering engine, which means that other browsers that are based on Chromium are also vulnerable. For example, this includes the new Microsoft Edge browser.