Guard against use-after-free vulnerability in Google Chrome FileReader API
Vulnerable: Google Chrome before 72.0.3626.121
On March 1st, Google published an advisory for a use-after-free in the Chrome implementation of the FileReader API (CVE-2019-5786).
The exploit leads to code execution in the Renderer process, and a second exploit was used to fully compromise the host system.
Clement Lecigne of Google's Threat Analysis Group reported that the vulnerability was being exploited in the wild in attacks targeting Windows 7 32-bit platforms. In conjunction with the Windows win32k.sys kernel privilege escalation vulnerability (CVE-2019-0808), it allows the attacker to bypass the Chrome sandbox on the target host and execute arbitrary code.
This vulnerability lets malicious code escape Chrome's security sandbox, allowing cyber criminals to run malicious code on the victim's machine.
Mitigation (On Host Device):
1. Upgrade your Chrome browser to the latest version
A default installation of Chrome installs updates automatically, and users running the latest version of Chrome are already protected against this bug. To make sure you're running the patched version, visit chrome://version; the version number displayed on the page should be 72.0.3626.121 or greater.
2. Fix the Windows win32k.sys kernel privilege escalation vulnerability
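The version check from step 1, applied across a host inventory, as an added example that is not part of the original advisory. The "host,os,chrome_version" input format, the hostnames and the sample versions are constructed for illustration; versions are compared numerically because a plain string comparison would rank 72.0.3626.99 above 72.0.3626.121.

```python
import re

PATCHED = (72, 0, 3626, 121)  # first fixed Chrome version, from the advisory

def parse_version(text):
    """Return the four-part Chrome version found in text as ints, or None."""
    m = re.search(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b", text)
    return tuple(int(p) for p in m.groups()) if m else None

def is_patched(version_text):
    """True if version >= 72.0.3626.121, False if older, None if unparseable."""
    v = parse_version(version_text)
    return None if v is None else v >= PATCHED

def triage(inventory_lines):
    """Sort 'host,os,chrome_version' lines into vulnerable/patched/unknown."""
    report = {"vulnerable": [], "patched": [], "unknown": []}
    for line in inventory_lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        parts = [f.strip() for f in line.split(",", 2)]
        host, os_name, version = parts + [""] * (3 - len(parts))
        state = is_patched(version)
        key = "unknown" if state is None else ("patched" if state else "vulnerable")
        report[key].append((host, os_name, version))
    # The in-the-wild attacks targeted Windows 7 32-bit, so list those first.
    report["vulnerable"].sort(key=lambda row: "windows 7" not in row[1].lower())
    return report

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = """\
# host,os,chrome_version
ws-014,Windows 10 64-bit,72.0.3626.99
ws-021,Windows 7 32-bit,71.0.3578.98
ws-033,Windows 10 64-bit,72.0.3626.121
ws-040,macOS 10.14,Google Chrome 73.0.3683.75 (Official Build)
ws-052,Windows 7 32-bit,not installed
"""

if __name__ == "__main__":
    for state, rows in triage(SAMPLE.splitlines()).items():
        for host, os_name, version in rows:
            print(f"{state:10} {host:8} {os_name:18} {version}")
```

Hosts reported as unknown have no parseable version string and need a manual check at chrome://version.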
Mitigation (On Network):
1. Deploy advanced protection
Use ZyWALL USG or ATP to detect and mitigate attacks exploiting the flaw at the network level.
(1) Content Filter / Botnet Filter
Prevents access to the malicious link that the attacker builds to trigger the vulnerability.
Update to the latest version of the IDP signatures and then enable the IDP function to protect your host.
2019-08-21: Initial release