

Severity
High
Analysis Summary
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could result in arbitrary code execution. These vulnerabilities can be exploited if a user visits, or is redirected to, a specially crafted web page. Details of the vulnerabilities are as follows:
- Use-after-free in PDFium ExecuteFieldAction (CVE-2019-5868)
- Out-of-bounds read in V8 (CVE-2019-5867)
Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser, obtain sensitive information, bypass security restrictions and perform unauthorized actions, or cause denial-of-service conditions.
Impact
- DoS
- Arbitrary code execution
Affected Vendors
Affected Products
Google Chrome versions prior to 76.0.3809.100
Remediation
- Apply the stable channel update provided by Google to vulnerable systems immediately after appropriate testing.
- Always be suspicious of emails sent by unknown senders.
- Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
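To confirm the update has reached every system, collected Chrome version strings can be compared against the fixed release. The sketch below is an added example, not part of the original advisory; the hostnames and version outputs in it are constructed sample data, and the function names are hypothetical.

```python
import re

# Fixed release named in the advisory: any lower version is affected.
FIXED = (76, 0, 3809, 100)
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version from free text, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(part) for part in m.groups()) if m else None


def triage(inventory):
    """Map each host to 'vulnerable', 'patched' or 'unknown'."""
    result = {}
    for host, raw in inventory.items():
        version = parse_version(raw)
        if version is None:
            # No parseable version: needs manual follow-up, not a pass.
            result[host] = "unknown"
        elif version < FIXED:
            # Tuple comparison is numeric per component, so 3809.9
            # sorts below 3809.100 (a plain string compare would not).
            result[host] = "vulnerable"
        else:
            result[host] = "patched"
    return result


# Constructed sample inventory (hostnames and outputs are made up).
SAMPLE = {
    "ws-001": "Google Chrome 76.0.3809.87",
    "ws-002": "Google Chrome 76.0.3809.100",
    "ws-003": "Google Chrome 75.0.3770.142",
    "ws-004": "Google Chrome 76.0.3809.9",
    "ws-005": "Google Chrome 77.0.3865.10 beta",
    "ws-006": "sh: google-chrome: command not found",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host}\t{status}")
```

Hosts reported as unknown should be checked by hand rather than assumed patched.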