Security News > 2019 > March > Zero-day Chrome/Windows combo actively exploited in the wild
2019-03-08 08:38
We now know why a number of Googlers made a point to urge users to implement the latest Chrome update as soon as possible: the vulnerability (CVE-2019-5786) is definitely being actively exploited in conjunction with another zero-day in Windows. The danger of a Chrome / Windows exploit The Windows bug is a local privilege escalation in the Windows win32k.sys kernel driver that can be used as a security sandbox escape, says Google threat analyst Clement … More → The post Zero-day Chrome/Windows combo actively exploited in the wild appeared first on Help Net Security.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/PSEcQm-SvUI/
Related news
- Microsoft patches Windows Kernel zero-day exploited since 2023 (source)
- Unpatched Windows Zero-Day Flaw Exploited by 11 State-Sponsored Threat Groups Since 2017 (source)
- New Windows zero-day exploited by 11 state hacking groups since 2017 (source)
- APTs have been using zero-day Windows shortcut exploit for eight years (ZDI-CAN-25373) (source)
- EncryptHub linked to MMC zero-day attacks on Windows systems (source)
- New Windows zero-day leaks NTLM hashes, gets unofficial patch (source)
- Google fixes Chrome zero-day exploited in espionage campaign (source)
- Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-27 | CVE-2019-5786 | Use After Free vulnerability in Google Chrome Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | 6.5 |