diff --git a/CHANGELOG.md b/CHANGELOG.md
index d1631c0..6aea361 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,8 @@
 ### Unreleased
+ * Improve security by using `File.read` instead of `IO.read` [#148](https://github.com/premailer/css_parser/pull/148)
+
 ### Version v1.17.0
 * Added `user_agent` as an option to Parser [#146](https://github.com/premailer/css_parser/pull/146)
diff --git a/lib/css_parser/parser.rb b/lib/css_parser/parser.rb
index 8c9d34a..b5e203a 100644
--- a/lib/css_parser/parser.rb
+++ b/lib/css_parser/parser.rb
@@ -486,7 +486,7 @@ def load_file!(file_name, options = {}, deprecated = nil)
 return unless File.readable?(file_name)
 return unless circular_reference_check(file_name)
- src = IO.read(file_name)
+ src = File.read(file_name)
 opts[:filename] = file_name if opts[:capture_offsets]
 opts[:base_dir] = File.dirname(file_name)
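Review bot: The new `src = File.read(file_name)` line still reads whatever path it is given, and nothing visible in this hunk confines `file_name` to an expected directory. The switch from `IO.read` only removes the Kernel#open-style handling of a leading `|`, which is the behaviour RuboCop's `Security/IoMethods` cop flags. If `load_file!` can be reached with names derived from stylesheet content (for example `@import` targets, which this hunk does not show), consider normalising with `File.expand_path` and rejecting paths outside the configured base directory before the read. A why-comment above the line, such as `# File.read, not IO.read: IO.read treats a leading "|" as a command to run`, would keep the change from being reverted later. The body of `load_file!` starts and ends outside the hunk, so earlier validation may exist that is not visible here.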