The Google security team recently released a statement that a known exploit CVE-2019-5786 exists in the wild.

The team is urging users to update their browser TODAY as a fix has been released.  The exploit effects:

  • Google Chrome prior to 72.0.3626.121
  • Windows, Mac, Linux

They have not released details on the bug as they are waiting for the majority of users to get updated with the fix.  What appears to be know currently is a use-after-free vulnerability in the File Reader component of the browser that leads to remote code execution.

Thanks to security researcher Clement Lecigne, the vulnerability has been found and a fix in place.