⚠️ Chrome/Chromium zero-day RCE (CVE-2019-5786), actively exploited in the wild. Affected versions: < 72.0.3626.121
Information is beginning to circulate regarding CVE-2019-5786, a use-after-free (UAF) vulnerability in Chrome's FileReader API. The Chrome security team has indicated that it is being actively exploited in the wild. Details are limited, but the vulnerability is believed to permit remote code execution (RCE).
Some news sources have conflated this with another, less severe issue spotted by EdgeSpot relating to PDF files. Both EdgeSpot and Google have indicated that the issues are unrelated.
CVE-2019-5786 has been patched in Chrome version 72.0.3626.121, currently available on the stable channel. Other Chromium-based browsers, such as Vivaldi, may or may not be affected.
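
A fleet check against the patched version stated above, as an added example that is not part of the original advisory: it reads the Chrome/Chromium version from User-Agent strings or `--version` output and compares it numerically with 72.0.3626.121. The host names and sample strings are constructed, and reading the `Chrome/` token in another browser's User-Agent as its Chromium base is an assumption, so those hosts are marked for review rather than as affected.

```python
import re

PATCHED = (72, 0, 3626, 121)   # fixed version stated in the advisory
OTHER_BRANDS = ("Vivaldi",)    # Chromium-based browsers named in the advisory

# Four-part version after "Chrome" or "Chromium", as found in User-Agent
# headers ("Chrome/72.0.3626.119") and --version output ("Google Chrome 72...").
VERSION = re.compile(r"\bChrom(?:e|ium)[/ ](\d+)\.(\d+)\.(\d+)\.(\d+)")


def chrome_version(text):
    """Return the first Chrome/Chromium version in text as a tuple of ints, or None."""
    match = VERSION.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(text):
    """Classify one User-Agent or version string against the patched version."""
    version = chrome_version(text)
    if version is None:
        return "unknown"    # no Chrome/Chromium version present
    # Compare as integers: as strings, "72.0.3626.96" sorts after "72.0.3626.121".
    if version >= PATCHED:
        return "patched"
    if any(brand in text for brand in OTHER_BRANDS):
        return "review"     # assumption: token is the Chromium base; vendor status unconfirmed
    return "affected"


def triage(inventory):
    """Map each host to its classification."""
    return {host: classify(text) for host, text in inventory.items()}


# Constructed sample inventory (host names and strings are made up).
SAMPLE = {
    "ws-01": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
             "(KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36",
    "ws-02": "Google Chrome 72.0.3626.121",
    "ws-03": "Chromium 72.0.3626.96",
    "ws-04": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) "
             "Chrome/72.0.3626.96 Safari/537.36 Vivaldi/2.3",
    "ws-05": "Mozilla/5.0 (X11; Linux x86_64; rv:65.0) Gecko/20100101 Firefox/65.0",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

A User-Agent is whatever the client reports, so results from proxy logs are a triage aid; confirm against the installed version on the host.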