
An Example Analysis of a Chrome 0day Vulnerability Exploited in the Wild

2025-01-17 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 06/01 Report

This article walks through an example analysis of a Chrome 0day vulnerability exploited in the wild, a topic many readers may not be familiar with. The summary below is intended to make it easier to follow.

0x00 vulnerability background

On March 6, Beijing time, 360CERT observed that the Chrome browser released a version update (72.0.3626.119 -> 72.0.3626.121) fixing CVE-2019-5786, which had been exploited in the wild. The vulnerability is serious and its impact is wide.

0x01 vulnerability details

CVE-2019-5786 is a use-after-free (UAF) vulnerability in FileReader, reported by Clement Lecigne of Google's Threat Analysis Group on 2019-02-27. No other details have been released.

Comparing the source code of the two versions shows changes in third_party/blink/renderer/core/fileapi/file_reader_loader.cc: the ArrayBuffer is now copied when partial results are returned, to avoid multiple references to the same underlying ArrayBuffer.

0x02 security recommendations

Chrome users should open the chrome://settings/help page to view the current browser version. If it is not the latest version (72.0.3626.121), the page automatically checks for an upgrade, and the browser can be updated to the latest version after a restart. Other browser vendors using the Chromium kernel also need to check their own code against the patch.
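For checking many machines at once, the version comparison above can be scripted. The following is an added example, not part of the original article: it flags Chrome builds older than 72.0.3626.121 in an inventory of `--version` outputs or User-Agent strings, comparing the four version parts numerically. The host names and sample records are constructed, and the check does not cover other Chromium-based browsers that use their own version numbers.

```python
import re

# Fixed build named in the advisory above.
FIXED = (72, 0, 3626, 121)

# Chrome/Chromium product token as it appears in a User-Agent header
# ("Chrome/72.0.3626.119") or in `--version` output ("Google Chrome 72.0.3626.119").
TOKEN = re.compile(r"(?:Chrome|Chromium)[/ ](\d+)\.(\d+)\.(\d+)\.(\d+)")


def chrome_version(text):
    """Return the four-part version as a tuple of ints, or None if absent."""
    m = TOKEN.search(text)
    return tuple(int(part) for part in m.groups()) if m else None


def needs_update(text):
    """True: older than FIXED. False: FIXED or newer. None: no Chrome token."""
    version = chrome_version(text)
    return None if version is None else version < FIXED


def audit(records):
    """Split 'host<TAB>version-or-UA' records into (outdated, unknown) host lists."""
    outdated, unknown = [], []
    for record in records:
        host, _, text = record.partition("\t")
        verdict = needs_update(text)
        if verdict is None:
            unknown.append(host)      # not Chrome, or unparseable: check by hand
        elif verdict:
            outdated.append(host)
    return outdated, unknown


# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE = [
    "ws-01\tMozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
    "(KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36",
    "ws-02\tGoogle Chrome 72.0.3626.121",
    "ws-03\tChromium 72.0.3626.99 built on Debian",   # 99 < 121 numerically
    "ws-04\tMozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 "
    "(KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36",
    "ws-05\tMozilla/5.0 (X11; Linux x86_64; rv:65.0) Gecko/20100101 Firefox/65.0",
]

if __name__ == "__main__":
    outdated, unknown = audit(SAMPLE)
    print("outdated:", outdated)
    print("unknown:", unknown)
```

User-Agent strings are client-supplied and can be altered, so results taken from proxy logs are a triage list; the browser's own chrome://settings/help page remains the authoritative check.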
