Menlo customers are 100% protected against a recent zero-day exploit in Google Chrome. The exploit, which targets CVE-2019-5786, is being actively used in limited attacks.
The exploit works by chaining two different vulnerabilities. One is the zero-day Chrome browser vulnerability. The other is a vulnerability in the Windows kernel. Combined, they mean a Chrome user on Windows 7 can have their machine infected merely by visiting a malicious site. This combination of OS and browser is typical across many organizations, and thus it is a risk organizations must address. Google responded quickly and forced an update to its browser. However, there may still be a risk for many customers using other browsers (IE, Firefox, etc.) running on a vulnerable Windows 7 OS.
The specific flaw is related to the FileReader API, which is enabled by default in Chrome and used by websites when a user uploads files (e.g., by clicking "Upload file" on a webpage). The API defect is related to memory allocation, meaning an attacker can leverage issues with how Chrome manages memory to run malicious code, and then use the vulnerability in Windows to compromise the end user's machine.
In this case, there would not have been an infection in the Menlo Security Isolation Platform (MSIP) because of our configurations. Even if a user's dedicated isolated browser session were infected, the infection will NOT reach the end user's device, since only safe visuals are allowed to traverse from the MSIP to the end user. In addition, Menlo Security's cloud architecture does not allow infections to persist: each isolated browser in the cloud is deleted at the end of its session, and we provide a new, clean browser to each user for every new web session.
As with CVE-2018-8653 just a few months ago, this vulnerability is a perfect illustration of the protection provided to our customers by the Menlo Security Isolation Platform. This time, however, it applies to Chrome users rather than IE users.