Google's updated post revealed that the bug, CVE-2019-5786, was reported by a member of Google's Threat Analysis Group and that an exploit for it was already being used by attackers. Basically, the vulnerability is said to let malicious code escape Chrome's security sandbox, allowing an attacker to run malicious code on the victim's machine.
If you're using Google's Chrome browser and have not yet upgraded to the latest available version, do so now or risk being hit by attackers. The Windows vulnerability is a NULL pointer dereference in win32k!MNGetpItemFromIndex when the NtUserMNDragOver() system call is called under specific circumstances. Google said that Microsoft is working on a fix, but did not give a timeline.
Google said this zero-day may only be exploitable on Windows 7 due to recent exploit mitigations added in Windows 8 and later. First, click the three-dot menu button, scroll down to Help, and click About Google Chrome.
Owners of Windows and Mac computers have been instructed on how to fix a mystery Google Chrome bug, which could be exploited by hackers. That's a departure from many Chrome patches, which work as soon as they're installed. It's not safe to venture out there alone (or at least without the latest browser updates).
Shortly after Google updated the post, Chrome's head of security warned organizations and users to update Chrome installations "like right this minute", noting the company last week dealt with a zero-day "chain", referring to an exploit that uses more than one vulnerability to compromise a computer.
Google Chrome updates are usually automatic; however, they don't always roll out to everyone at once.