Google warns that two zero-day vulnerabilities are being actively exploited in attacks against its Chrome web browser running on Microsoft's Windows operating system, and advises users to update their installations as quickly as possible.
Chrome Security Manager Justin Schuh said the current chained exploits were different from previous attacks because they directly targeted Web browser code, not plug-ins.
This means that unless users manually restart their browsers after the update is applied, they could remain vulnerable.
The last 0-days have targeted Chrome using Flash as the first exploit of the chain. Since Flash is a plug-in component, we could update it separately, and once updated, Chrome would switch to silent mode on Flash, without restarting the browser or user intervention. [2/3]
– Justin Schuh (@justinschuh) March 7, 2019
The full details of the Chrome flaw, CVE-2019-5786, have not yet been disclosed, but it involves a use-after-free memory bug in the FileReader application programming interface.
FileReader allows websites to access local files on computers. A use-after-free vulnerability could allow attackers to execute arbitrary code on users' computers.
The second part of the attack chain is a local privilege escalation vulnerability in the Windows kernel driver (win32k.sys).
According to Clement Lecigne of Google's Threat Analysis Group, the vulnerability is a null pointer dereference in win32k!MNGetpItemFromIndex when the system call NtUserMNDragOver() is called in specific circumstances.
Malicious code can use this to escape the security sandbox, but Google firmly believes that this vulnerability can only be exploited in Windows 7.
Google says that, to date, it has seen active exploitation of the flaw against 32-bit Windows 7 systems.
Google has reported the vulnerability to Microsoft, which is working on a fix.
To mitigate the win32k.sys elevation of privilege vulnerability, Google suggests that users consider upgrading to Windows 10 and apply Microsoft's patches when they become available.