Google Chrome is a free internet browser provided with Zebra devices running GMS operating systems.
On February 27th, 2019, Google announced it had uncovered a high-risk vulnerability within the browser, identified as CVE-2019-5786. A malicious actor could exploit the memory management within the Chrome FileReader, using Flash as the first exploit in a chain. There have been reports of active exploitation. Per Google:
"We strongly believe this vulnerability may only be exploitable on Windows 7 due to recent exploit mitigations added in newer versions of Windows. To date, we have only observed active exploitation against Windows 7 32-bit systems."
Google issued a new Chrome release on March 1st to address this vulnerability. Additional information about the release can be found on Google's site.
Zebra strongly recommends all customers running Chrome ensure their devices have automatically downloaded the latest Chrome release (72.0.3626.121 or later) and that devices have been restarted to apply the update. While most Chrome updates occur automatically, a system restart is required in this case. Additionally, devices where automatic updates have been disabled will need to be manually updated.
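The version check recommended above can be run across a device inventory. The following is an added example, not tooling from Zebra or Google; the CSV layout, device names and sample versions are constructed, and only the fixed release 72.0.3626.121 comes from this notice. A passing version does not show that the device was restarted afterwards.

```python
import csv
import io

# Fixed release named in this notice.
FIXED = (72, 0, 3626, 121)

# Constructed sample inventory: device names and versions are made up for
# illustration; the "device,chrome_version" layout is an assumption.
SAMPLE_INVENTORY = """device,chrome_version
scanner-01,72.0.3626.121
scanner-02,72.0.3626.99
scanner-03,71.0.3578.99
scanner-04,73.0.3683.75
scanner-05,
scanner-06,72.0.3626
"""


def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a full Chrome version."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(version_text):
    """Classify one reported version against the fixed release."""
    version = parse_version(version_text)
    if version is None:
        # Missing or truncated data is reported, never assumed patched.
        return "unknown"
    # Tuples compare numerically per component. Comparing the raw strings
    # would rank "72.0.3626.99" above "72.0.3626.121" and hide that device.
    return "patched" if version >= FIXED else "needs-update"


def audit(inventory_csv):
    """Map each device in the CSV text to patched / needs-update / unknown."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["device"]: classify(row["chrome_version"] or "") for row in reader}


if __name__ == "__main__":
    for device, status in audit(SAMPLE_INVENTORY).items():
        print(f"{device}\t{status}")
```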
Google has also reported a second vulnerability, this one in Microsoft Windows, to Microsoft. Per Google:
"The unpatched Windows vulnerability can still be used to elevate privileges or, combined with another browser vulnerability, to evade security sandboxes. Microsoft have told us they are working on a fix."
Zebra will continue to post information to this area as we are informed of recommended patches.