Warning over 'high severity' security flaw in Google's Chrome web browser being exploited in the wild
Chrome running on all operating systems should be updated, claims security researcher Clement Lecigne
Users of Google's Chrome web browser have been advised to update it as a matter of urgency following the discovery of exploits in the wild for a 'high severity' security flaw publicised in February.
The security flaw was uncovered by Clement Lecigne, a security engineer in Google's Threat Analysis Group. Classified as a use-after-free vulnerability, the flaw could enable attackers to conduct remote code execution attacks, taking full control of their targets' PCs.
While details of the security flaw were withheld - and continue to be withheld - to prevent exploits from being developed, that does not appear to have prevented attackers from taking advantage of the discovery.
"The use-after-free vulnerability is a class of memory corruption bug that allows corruption or modification of data in memory, enabling an unprivileged user to escalate privileges on an affected system or software," according to Hacker News.
The vulnerability, in the FileReader component, "could enable unprivileged attackers to gain privileges on the Chrome web browser, allowing them to escape sandbox protections and run arbitrary code on the targeted system", the report continues.
"It appears to exploit this vulnerability, all an attacker needs to do is tricking victims into just opening, or redirecting them to, a specially-crafted webpage without requiring any further interaction."
A patch is already in the process of being rolled out and users have been urged to update Chrome as a matter of priority.