Google has issued out warning to users to immediately update their Chrome browser or risk having their system hijacked remotely.
The security breach which is on the desktop version of Chrome, came into being due to a use-after-free condition in the Chrome FileReader which lets software built into websites access data stored on a user's computer.
Though Google has rolled out an update released to Chrome stable channel - version 72.0.3626.121, the flaw was already being exploited in the wild even before the tech giant rolled a patch.
While rolling out the update, Google intentionally left out the changelog so as to avoid releasing information on the bug which might aid hackers to exploit the bug on those who haven't applied the update yet.
"Access to bug details and links may be kept restricted until a majority of users are updated with a fix," Google noted in a blog post. "We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed."
However, in a revised announcement on Tuesday, the company noted that the Chrome 72.0.3626.121 update included a fix for a high-priority vulnerability CVE-2019-5786 that was reported towards the end of February by Clement of Google's Threat Analysis Group.
"Google is aware of reports that an exploit for CVE-2019-5786 exists in the wild," said. "We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel."
The Chrome vulnerability, according to Threat advisory, CVE-2019-5786 came to be due to a use-after-free condition in the Google Chrome's FileReader., which is an API that allows web apps to access the files stored on the users computer.
Now, the vulnerability is said to allow malicious code to bypass Chrome's security sandbox, allowing any attacker to run malicious code on the victim's machine.
The attacker can install programs, view or delete data and as well create new accounts. However, this depends on the privilege grant to the Chrome browser.
Google's lead security engineer Justin Schuh warned Chrome users to update their Chrome installs to avoid falling victim to the exploit.
To update your Chrome browser, users are to select the Help Option from the browser's menu bar and then the About Google Chrome option.