Update Google Chrome: Critical zero-day bug discovered
What's the story
Google's security team has warned about a major vulnerability in Chrome, calling on users to update their browsers immediately.
The vulnerability, which has been classified as a zero-day flaw, affects old versions of the browser and already appears to be under attack in the wild.
So, if not updated, your browser will be at risk.
Here's more on the issue and its fix.
Issue
What is this 'zero-day' vulnerability
A zero-day vulnerability is a security flaw that the developer has failed to detect, and fix, before it becomes public.
In this particular case, CVE-2019-5786, discovered by Clement Lecigne of Google's Threat Analysis Group, is Chrome's zero-day.
It has been described as an issue of 'high' severity but Google has not given specific details of the attack or its impact.
Information
Vulnerability probably deals with FileReader API
Google said CVE-2019-5786 deals with a 'use-after-free' in FileReader. This indicates the issue revolves around the FileReader API, which lets web apps read local computer data. Also, note that bugs in the 'use-after-free' category can, at worst, allow the execution of malicious code.
Issue
Plus, the flaw is already under attack
Google has kept the exact details under wraps to prevent the bug from being exploited before most users move to the latest version.
"Access to bug details and links may be kept restricted until a majority of users are updated with a fix," the company said in a blog post.
It even claimed that some reports suggest an exploit for this bug already exists.
Update
Update available for all major platforms
Having said that, it is highly recommended to update Google Chrome on all the platforms you use.
The update for Windows, Mac, and Linux comes with version 72.0.3626.121 and has been available since Friday; head to chrome://settings/help to start the download manually.
Notably, a patch for Chrome OS and Android users has also been released over the last few days.
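An added example, not part of the original article: a Python check that classifies machines against the fixed desktop build 72.0.3626.121 named above. The inventory layout, hostnames and sample version strings are constructed assumptions.

```python
import re

# Fixed desktop build named in the article (Windows, Mac, Linux).
# Chrome OS and Android builds are not given there, so they are out of scope.
FIXED = (72, 0, 3626, 121)

# Exactly four dot-separated numeric parts, not embedded in a longer number.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Extract a four-part Chrome version from free text; None if absent."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def audit(inventory):
    """Classify each (host, version_text) pair against the fixed build."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for host, text in inventory:
        version = parse_version(text)
        if version is None:
            report["unknown"].append(host)  # never assume patched
        elif version >= FIXED:  # numeric tuple compare, not string compare
            report["patched"].append(host)
        else:
            report["vulnerable"].append(host)
    return report


# Constructed sample inventory (hostnames and strings are made up).
SAMPLE = [
    ("ws-01", "Google Chrome 72.0.3626.119"),
    ("ws-02", "Google Chrome 72.0.3626.121"),
    ("ws-03", "Google Chrome 73.0.3683.39 beta"),
    ("ws-04", "Google Chrome 9.0.597.107"),  # "9" > "72" as strings
    ("ws-05", "chrome not found"),
    ("ws-06", "Google Chrome 72.0.3626"),  # truncated, treated as unknown
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as unknown need a manual look at chrome://settings/help rather than being counted as updated.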
Twitter Post
Even Chrome's principal engineer has called on users to update
Also, seriously, update your Chrome installs... like right this minute. #PSA
— Justin Schuh 🗑 (@justinschuh) March 6, 2019