Google says you should update Chrome to patch a security exploit Google also found an exploit in Windows 7 that attackers are using along with the Chrome flaw By Jonathan Lamont@Jon_LamontMAR 8, 201911:03 AM EST0 COMMENTS
If you’re using Google Chrome, you should update your browser right away. The Chrome team recently released a critical update that fixes a zero-day vulnerability that they say attackers are “actively exploiting.” Chrome security engineer Justin Schuh explained why updating is essential with this particular vulnerability in a series of tweets. According to Schuh, past zero-day vulnerabilities targetted Chrome through Flash. Chrome handles Flash as a plugin component, which means the team could update it separately from Chrome and switch the browser to the new plugin version without any user interaction. Schuh says this exploit targets Chrome code directly, instead of going through Flash.
As such, the patch comes through a Chrome update and requires a browser restart. Google pushed the update out to all Chrome platforms on March 1st, so your browser should already have the update. You may still need to restart your browser to apply it, however.
To check, click on the menu button in the top right of the browser (the three dots). Go down to ‘Help,’ then click ‘About Google Chrome.’ Make sure it says ‘Chrome is up to date’ and lists version number 72.0.3626.121 or higher. If it does, you’re good to go. If not, you can update Chrome from this menu and restart the browser to apply the update. Google also reported a second zero-day vulnerability in Microsoft Windows that attackers were using in tandem with the Chrome vulnerability.
Google strongly believes the Windows security flaw can only be exploited in Windows 7, thanks to new exploit protections added in later versions of Windows. Further, the company has only observed active exploitation against Windows 7 32-bit systems. As per Google’s vulnerability disclosure policy, the company reported the Windows exploit to Microsoft when they discovered it. Further, Google has now disclosed the existence of the vulnerability as per its policy. Microsoft is working on a fix for the flaw. Ultimately, Google suggests the best way to protect yourself is to upgrade to Windows 10. As for the Chrome flaw, make sure you’re up to date on that front as well, and you should be fine. You can learn more about the vulnerability here.