On March 1, Google announced the availability of Google Chrome version 72.0.3626.121 for Windows, Mac and Linux. On March 5 and March 7, Google provided additional context about this release. According to Google, Chrome 72.0.3626.121 addresses CVE-2019-5786, a Use-After-Free (UAF) vulnerability in FileReader, an application programming interface (API) included in browsers to allow web applications to read the contents of files stored on a user’s computer. This vulnerability was used in conjunction with a local privilege escalation zero day vulnerability in the Windows win32k.sys kernel driver. Microsoft is aware of the Windows zero day and is currently working on a fix.

For more information, please visit the Tenable blog.