Guard against use-after-free vulnerability in Google Chrome FileReader API

Zyxel_Forum_Admin
edited September 2021 in Security Highlight

CVE-2019-5786

Affected: Google Chrome before 72.0.3626.121

On March 1st, 2019, Google published an advisory for a use-after-free in Chrome's implementation of the FileReader API (CVE-2019-5786).

Exploiting this bug gives the attacker code execution inside Chrome's renderer process, which is still confined by the sandbox; a second exploit was chained with it to fully compromise the host system.

Clement Lecigne of Google's Threat Analysis Group reported the bug, and Google confirmed that it was being exploited in the wild, with the attacks targeting 32-bit Windows 7 systems. In conjunction with a Windows win32k.sys kernel privilege escalation vulnerability (CVE-2019-0808), it lets the attacker escape the Chrome sandbox on the target host and execute arbitrary code with kernel privileges.

Impact:

A victim only has to open an attacker-controlled web page. On its own, the vulnerability lets the attacker run code inside Chrome's renderer process; chained with the Windows kernel vulnerability, it lets cyber criminals escape Chrome's security sandbox and run arbitrary code on the victim's machine.

Mitigation (On Host Device):

1. Upgrade your Chrome browser to the latest version

A default installation of Chrome downloads updates automatically, but a downloaded update is only applied when the browser is relaunched, so restart Chrome after updating. Users running the current version of Chrome are already protected against this bug. To make sure you are running a patched build, open chrome://version; the version number shown must be 72.0.3626.121 or greater (compare each dotted component as a number, not as text).

2. Apply the Microsoft security update for the Windows win32k.sys kernel privilege escalation vulnerability (CVE-2019-0808)

Patching Chrome alone closes the initial entry point, but an unpatched Windows 7 kernel still lets any renderer-level code execution (from this or a future Chrome bug) escape the sandbox, so the Windows update is required as well.
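As an added example (not code from the original post, Zyxel or Google), the following Python script performs the host check above: it reads the installed Chrome version and compares it numerically against 72.0.3626.121, avoiding the string-comparison trap where "72.0.3626.9" sorts after "72.0.3626.121". The Windows registry key HKCU\Software\Google\Chrome\BLBeacon and the `--version` output format of the Linux/macOS binaries are assumptions, not facts from the advisory, so the version lookup is best-effort.

```python
"""Check whether the locally installed Google Chrome is at or above the build
that fixes CVE-2019-5786 (72.0.3626.121).

Added example for this advisory; not Zyxel's or Google's code. Assumed: the
registry key HKCU\\Software\\Google\\Chrome\\BLBeacon (value "version") on
Windows and the "Google Chrome X.Y.Z.W" --version output on Linux/macOS.
"""
import re
import shutil
import subprocess
import sys
from typing import Optional, Tuple

FIXED_VERSION = "72.0.3626.121"  # first patched build, from the advisory

# Chrome versions are four dot-separated decimal fields: MAJOR.MINOR.BUILD.PATCH
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text: str) -> Tuple[int, int, int, int]:
    """Extract the first MAJOR.MINOR.BUILD.PATCH in `text` as a tuple of ints.

    Tuples of ints compare field by field, which is what makes the check
    correct: as strings, "72.0.3626.9" sorts after "72.0.3626.121" even
    though it is the older build.
    """
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no Chrome version found in {text!r}")
    major, minor, build, patch = (int(part) for part in m.groups())
    return (major, minor, build, patch)


def is_patched(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True if `installed` is at or above the first build containing the fix."""
    return parse_version(installed) >= parse_version(fixed)


def installed_chrome_version() -> Optional[str]:
    """Best-effort read of the installed Chrome version; None if not found."""
    if sys.platform == "win32":
        # Assumption: Chrome records the last-launched version under this key.
        import winreg
        try:
            with winreg.OpenKey(winreg.HKEY_CURRENT_USER,
                                r"Software\Google\Chrome\BLBeacon") as key:
                value, _ = winreg.QueryValueEx(key, "version")
                return str(value)
        except OSError:
            return None
    # Linux / macOS: ask the binary, e.g. "Google Chrome 72.0.3626.121"
    for name in ("google-chrome", "google-chrome-stable",
                 "chromium", "chromium-browser"):
        path = shutil.which(name)
        if path:
            out = subprocess.run([path, "--version"],
                                 capture_output=True, text=True)
            if VERSION_RE.search(out.stdout):
                return out.stdout.strip()
    return None


def main() -> int:
    found = installed_chrome_version()
    if found is None:
        print("Chrome not found; nothing to check")
        return 2
    ok = is_patched(found)
    version = ".".join(str(n) for n in parse_version(found))
    verdict = "patched" if ok else "VULNERABLE to CVE-2019-5786, update and relaunch"
    print(f"Chrome {version}: {verdict}")
    return 0 if ok else 1


if __name__ == "__main__":
    sys.exit(main())
```

Exit status 0 means the installed Chrome is at or above the fixed build, 1 means it is older, 2 means no Chrome was found. The script covers only step 1; the Windows kernel update in step 2 has to be verified separately through Windows Update or the host's installed-update list.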

Mitigation (On Network):

1. Deploy advanced protection

Use a ZyWALL USG or ATP to detect and mitigate attacks exploiting this flaw at the network level. This is a second line of defense for hosts that have not yet been patched, not a replacement for the host updates above.

(1) Content Filter / Botnet Filter

Blocks access to the malicious link that the attacker hosts to trigger the vulnerability in the browser.

(2) IDP

Update to the latest IDP signature set and then enable the IDP function to protect your hosts.


Revision history

2019-08-21: Initial release