Google strongly recommends that users of Chrome update their browsers, because in the Blink engine was found dangerous vulnerability, allowing a remote attacker to execute code, gain access to important information, and launch DoS attacks.The security issue, identified by CVE-2019-5869, affects Blink, an open source engine that is just used in Chrome.
“A vulnerability has been discovered in Google Chrome which could result in arbitrary code execution. This vulnerability is a use-after-free vulnerability in Blink that can be exploited if a user visits, or is redirected to, a specially crafted web page”, — reports Center for Internet Security, a non-profit organization.
As you know, the engines are the heart of every browser, it is they who are responsible for displaying HTML documents and web pages to the user.
Launched back in 2013, Blink was specifically designed as part of the Chromium project.
A recently discovered flaw allowed an attacker to execute arbitrary code in a browser context. Thanks to this, an attacker could collect confidential information, circumvent various security measures and even provoke denial-of-service (DoS).
“The capabilities of the attacker using this vulnerability depended on the rights that the application had. In the event of a successful attack, the offender could install programs, view, modify or delete data, and even create new accounts with full user rights”, — writes Center for Internet Security.
To exploit the vulnerability, it was enough to direct the victim to a special web page.
With the release of Google Chrome version 76.0.3809.132, the security issue is no longer a threat. However, it is worth remembering that all versions before it still contain the gap described above.
Center for Internet Security recommend the following actions be taken:
- Apply the stable channel update provided by Google to vulnerable systems immediately after appropriate testing.
- Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
- Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.
- Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments especially from un-trusted sources.
- Apply the Principle of Least Privilege to all systems and services.
User Review( votes)