Google published an advisory for a use-after-free in the Chrome implementation of the FileReader API (CVE 2019-5786). The exploit leads to code execution in the Renderer process, and was used to fully compromise the host system.
Key Pointers:
- Understanding the severity and the scope of impact
- Understanding how the exploit works for the vulnerability
- Covering the prerequisites for preparing the setup
- Exploit demonstration for Google Chrome
- Mitigations for preventing such attacks
