According to Google’s official blog, Google has recently released an updated version of the Chrome web browser in order to fix a serious zero-day vulnerability known as CVE-2019-5786 in the Common Vulnerabilities and Exposures database. This vulnerability exists in the way Chrome handles the FileReader API when it is used from JavaScript.
Usually, the FileReader API is used to read local files only through user interaction, for example, when a user browses and selects a file. But through the exploitation of this vulnerability, a malicious script can access files on your local hard drive without any user interaction. This means that a malicious website can read your local files, including your saved login credentials and pictures, just because you visited that website in the Chrome web browser. Of course, Chrome would also have to be running with elevated privileges for anyone to really wreak havoc on a target computer.
Since the FileReader API can be used through JavaScript on all platforms, the vulnerability affects all Chrome-supported platforms. Fortunately, Google was very quick in fixing this vulnerability and has already released patched versions of Chrome for all platforms. All Chrome users are urged to update to the latest version of the browser to avoid any possible attacks.
This vulnerability has been patched with the latest browser update (version 72.0.3626.121). There is evidence that the vulnerability was actively exploited by hackers, which is why it is recommended to immediately update Chrome on all platforms.
If you are using the Chrome browser on Windows, Mac or Linux, then you can open the version page (chrome://settings/help) and Chrome will automatically check for the latest update. For the mobile version of the browser on Android smartphones, you can just visit the Play Store to update to the new version.
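For administrators who need to check many machines rather than one, the following added example (not code from Google or from the original article) flags Chrome installs older than the patched version 72.0.3626.121. The inventory format, hostnames and version strings are constructed for illustration; the function names are hypothetical.

```python
import re

# Patched version stated in the article above.
PATCHED = (72, 0, 3626, 121)

# Matches a four-part version in "Google Chrome 72.0.3626.119" (version
# command output) or in a User-Agent token "Chrome/72.0.3626.119".
_VERSION_RE = re.compile(r"Chrome[ /](\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the Chrome version as a tuple of ints, or None if absent."""
    m = _VERSION_RE.search(text)
    return tuple(int(part) for part in m.groups()) if m else None


def needs_update(text):
    """True if older than PATCHED, False if patched, None if unparseable."""
    version = parse_version(text)
    if version is None:
        return None
    # Tuples of ints compare numerically, component by component.
    return version < PATCHED


def audit(inventory):
    """Sort (host, version_text) pairs into vulnerable / patched / unknown."""
    report = {"vulnerable": [], "patched": [], "unknown": []}
    for host, text in inventory:
        status = needs_update(text)
        key = "unknown" if status is None else ("vulnerable" if status else "patched")
        report[key].append(host)
    return report


# Constructed sample inventory; hosts and version strings are made up.
SAMPLE = [
    ("ws-01", "Google Chrome 72.0.3626.121"),
    ("ws-02", "Google Chrome 72.0.3626.119"),
    # A plain string comparison would rank ".99" above ".121".
    ("ws-03", "Google Chrome 72.0.3626.99"),
    ("ws-04", "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 "
              "(KHTML, like Gecko) Chrome/73.0.3683.75 Safari/537.36"),
    ("ws-05", "command not found"),
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(status, hosts)
```

Hosts that land in the unknown bucket returned no recognisable version string and need a manual check.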
For more information about the vulnerability and the updates for your Chrome browser, you can visit https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop.html.