Usually, the FileReader API is used to read local files only through user interaction, for example, when a user browses and selects a file. But by exploiting this vulnerability, a malicious script can access files on your local hard drive without any user interaction. This means that a malicious website can read your local files, including your saved login credentials and pictures, just because you visited that website in the Chrome web browser. Of course, Chrome would also have to be running with elevated privileges for anyone to really wreak havoc on a target computer.
This vulnerability has been patched with the latest browser update (version 72.0.3626.121). There is evidence that the vulnerability was actively exploited by hackers, which is why it is recommended to immediately update Chrome on all platforms.
If you are using the Chrome browser on Windows, Mac or Linux, you can open the version page (chrome://settings/help) and Chrome will automatically check for the latest update. For the mobile version of the browser on Android smartphones, you can visit the Play Store to update to the new version.
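For administrators checking more than one desktop machine, the following added example (not part of the original article) compares collected version strings against the fixed build 72.0.3626.121 named above. The inventory lines, host names and function names are constructed for illustration; the strings are assumed to have the form printed by the browser's `--version` option.

```shell
#!/bin/sh
# Added example: classify desktop Chrome version strings against the fixed build.
PATCHED="72.0.3626.121"   # fixed desktop version stated in the article

# Print the first four-part dotted version found in $1, or nothing.
extract_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | head -n 1 || true
}

# version_ge A B: succeed when A >= B. Fields are compared as numbers,
# so 100.x correctly ranks above 72.x (a plain string compare would not).
version_ge() {
    a=$1; b=$2
    for i in 1 2 3 4; do
        fa=${a%%.*}; fb=${b%%.*}
        [ "$fa" -gt "$fb" ] && return 0
        [ "$fa" -lt "$fb" ] && return 1
        a=${a#*.}; b=${b#*.}
    done
    return 0
}

# Print PATCHED, VULNERABLE or UNKNOWN for one version string.
chrome_status() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then echo "UNKNOWN"; return 0; fi
    if version_ge "$v" "$PATCHED"; then echo "PATCHED"; else echo "VULNERABLE"; fi
}

# Constructed sample inventory: host|version string collected from that host.
audit_sample() {
    while IFS='|' read -r host out; do
        printf '%s %s\n' "$host" "$(chrome_status "$out")"
    done <<'EOF'
ws-01|Google Chrome 72.0.3626.119
ws-02|Google Chrome 72.0.3626.121
ws-03|Google Chrome 73.0.3683.75
ws-04|Chromium 71.0.3578.98 built on Debian
ws-05|command not found
EOF
}

audit_sample
```

Hosts reported as UNKNOWN returned no parseable version and need a manual check through chrome://settings/help.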
For more information about the vulnerability and the updates for your Chrome browser, you can visit https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop.html.