Marcos Colon | Mar 08, 2019
Menlo customers are 100% protected against a recent zero-day exploit in Google Chrome. The exploit, for CVE-2019-5786, is being actively used in limited attacks.
The exploit works by chaining two different vulnerabilities. One is the zero-day Chrome browser vulnerability. The other is a vulnerability in the Windows kernel. Chained together, they mean a Chrome user on Windows 7 can have their machine infected merely by visiting a malicious site. This combination of OS and browser is typical across many organizations, and thus it is a risk organizations must address. Google was fast in responding, and forced an update on their browser. However, there may still be a risk for many customers using other browsers (IE, Firefox, etc.) running on a vulnerable Windows 7 OS.
The specific flaw is related to the FileReader API, which is enabled by default in Chrome and used by websites when a user uploads files (e.g., by clicking on “Upload file” on a webpage). The API defect is related to memory allocation, meaning an attacker can leverage issues with how Chrome manages memory to run malicious code, and then use the vulnerability in Windows to compromise the end user’s machine.
Customers using the Menlo Security Isolation Platform (MSIP) are protected against such vulnerabilities by design! With Menlo, when a user visits a website via the isolation platform, all active content, including any call to the FileReader API, is executed in the Menlo Isolation Cloud. This means that any malicious JavaScript attempting to attack the FileReader API executes in an isolated browser, running in Menlo’s cloud-based isolation platform – not on the user’s device!
In this case, there would not have been an infection in the Menlo Security Isolation Platform because of our configurations. In the case of an infection in a user’s dedicated isolated browser session, such infections will NOT reach the end user’s device, since only safe visuals are allowed to traverse from the MSIP to the end user. In addition, Menlo Security’s cloud architecture does not allow infections to persist, as each isolated browser in the cloud is deleted at the end of each session and we provide a new, clean browser to each user for a new web session.
As with CVE-2018-8653 just a few months ago, this vulnerability is a perfect illustration of the protection provided to our customers by the Menlo Security Isolation Platform. This time, however, it applies to Chrome users rather than IE users.
Check out the Remote browser adoption overview from Gartner and Magic Quadrant for Secure Web Gateway to see why Menlo continues to be the answer to security concerns.
Tagged with Isolation, SWG, Web Security