Security News > 2019 > March > Zero-day Chrome/Windows combo actively exploited in the wild
2019-03-08 08:38
We now know why a number of Googlers made a point to urge users to implement the latest Chrome update as soon as possible: the vulnerability (CVE-2019-5786) is definitely being actively exploited in conjunction with another zero-day in Windows. The danger of a Chrome / Windows exploit The Windows bug is a local privilege escalation in the Windows win32k.sys kernel driver that can be used as a security sandbox escape, says Google threat analyst Clement … More → The post Zero-day Chrome/Windows combo actively exploited in the wild appeared first on Help Net Security.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/PSEcQm-SvUI/
Related news
- North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (source)
- Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day (source)
- New Windows Themes zero-day gets free, unofficial patches (source)
- Windows Themes zero-day bug exposes users to NTLM credential theft (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- How a Windows zero-day was exploited in the wild for months (CVE-2024-43451) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-27 | CVE-2019-5786 | Use After Free vulnerability in Google Chrome Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | 6.5 |