Google recommends updating Chrome due to vulnerability in Blink engine

Google strongly recommends that Chrome users update their browsers, because a dangerous vulnerability was found in the Blink engine. It allows a remote attacker to execute code, gain access to important information, and launch DoS attacks.

The security issue, tracked as CVE-2019-5869, affects Blink, the open source engine that is used in Chrome.

“A vulnerability has been discovered in Google Chrome which could result in arbitrary code execution. This vulnerability is a use-after-free vulnerability in Blink that can be exploited if a user visits, or is redirected to, a specially crafted web page,” reports the Center for Internet Security, a non-profit organization.

The engine is the heart of every browser: it is responsible for displaying HTML documents and web pages to the user.

Launched back in 2013, Blink was specifically designed as part of the Chromium project.

The recently discovered flaw allowed an attacker to execute arbitrary code in the browser context. With that, an attacker could collect confidential information, circumvent various security measures and even cause a denial of service (DoS).

“The capabilities of the attacker using this vulnerability depended on the rights that the application had. In the event of a successful attack, the offender could install programs, view, modify or delete data, and even create new accounts with full user rights,” writes the Center for Internet Security.

To exploit the vulnerability, it was enough to direct the victim to a specially crafted web page.

The issue is fixed in Google Chrome version 76.0.3809.132. All versions before it still contain the vulnerability described above.

The Center for Internet Security recommends the following actions:

  • Apply the stable channel update provided by Google to vulnerable systems immediately after appropriate testing.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.
  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments especially from un-trusted sources.
  • Apply the Principle of Least Privilege to all systems and services.
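
To confirm that the update has actually reached every machine, the check below flags hosts still running a build older than 76.0.3809.132. It is an added example, not code from Google or the Center for Internet Security; the tab-separated inventory format, the host names and the sample version strings are assumptions constructed for illustration.

```python
import re

# Fixed release named in the article; every earlier build is affected.
FIXED = (76, 0, 3809, 132)
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Return the four-part Chrome version found in text as ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def classify(version_text):
    """Classify one reported version as 'patched', 'vulnerable' or 'unknown'."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"  # unparseable: needs manual follow-up, not a pass
    # Tuples compare numerically per component; a plain string comparison
    # would wrongly rank "76.0.3809.99" above "76.0.3809.132".
    return "patched" if v >= FIXED else "vulnerable"

def audit(inventory_lines):
    """Map host -> status from 'host<TAB>reported version' lines (assumed format)."""
    results = {}
    for line in inventory_lines:
        if not line.strip():
            continue
        host, _, reported = line.partition("\t")
        results[host.strip()] = classify(reported)
    return results

# Constructed sample inventory (host names and versions are made up).
SAMPLE = [
    "ws-001\tGoogle Chrome 76.0.3809.132",
    "ws-002\tGoogle Chrome 76.0.3809.100",
    "ws-003\tGoogle Chrome 76.0.3809.99",
    "ws-004\tGoogle Chrome 77.0.3865.75",
    "ws-005\tGoogle Chrome 9.0.597.84",
    "ws-006\tchrome: command not found",
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}\t{status}")
```

Hosts reported as "unknown" should be treated as unverified rather than patched.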

About the author

Brendan Smith

Cybersecurity analyst with 15+ years digging into malware and threats, from early days reverse-engineering trojans to leading incident responses for mid-sized firms.

At Gridinsoft, I handle peer-reviewed breakdowns of stuff like AsyncRAT ransomware—last year, my guides helped flag 200+ variants in real scans, cutting cleanup time by 40% for users. Outside, I write hands-on tutorials on howtofix.guide, like step-by-step takedowns of pop-up adware using Wireshark and custom scripts (one post on VT alternatives got 5k reads in a month).

Certified CISSP and CEH, I’ve run webinars for 300+ pros on AI-boosted stealers—always pushing for simple fixes that stick, because nobody has time for 50-page manuals. Tools of the trade: Splunk for hunting, Ansible for automation, and a healthy dose of coffee to outlast the night shifts.
