Security News > 2019 > March > Zero-day Chrome/Windows combo actively exploited in the wild
2019-03-08 08:38
We now know why a number of Googlers made a point to urge users to implement the latest Chrome update as soon as possible: the vulnerability (CVE-2019-5786) is definitely being actively exploited in conjunction with another zero-day in Windows. The danger of a Chrome / Windows exploit The Windows bug is a local privilege escalation in the Windows win32k.sys kernel driver that can be used as a security sandbox escape, says Google threat analyst Clement … More → The post Zero-day Chrome/Windows combo actively exploited in the wild appeared first on Help Net Security.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/PSEcQm-SvUI/
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-27 | CVE-2019-5786 | Use After Free vulnerability in Google Chrome Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | 6.5 |