Update Your Google Chrome Browser – NOW!

Google is urging Chrome users to update the web browser right away to patch a zero-day vulnerability that is being actively exploited by attackers. 

In a Tuesday tweet, Google Chrome Security and Desktop Engineering Lead Justin Schuh said users should install the latest version of the browser—72.0.3626.121—right away.  “Seriously, update your Chrome installs… like right this minute,” he wrote.

It’s not often that we hear about a critical vulnerability in Google Chrome, and perhaps it’s even more rare when Google’s own engineers are urging users to patch.

There are several good reasons why you need to take this new Chrome zero-day (CVE-2019-5786) seriously. For starters, we are talking about a full exploitation that escapes the sandbox and leads to remote code execution.  Google is saying that this vulnerability is actively being used in the wild.

According to Clément Lecigne, the person from Google’s Threat Analysis Group who discovered the attack, there is another zero-day that exists in Microsoft Windows (yet to be patched), suggesting the two could be chained up for even greater damage.

Don’t Rely on an Automatic Google Chrome Update

If you are running Google Chrome and its version is below 72.0.3626.121, your computer could be exploited without your knowledge. For the most part, Chrome updates are automatic, meaning you don’t have to do much beyond opening and closing the browser window. However, this threat is so critical to the health of your computer Google is strongly recommending that users manually trigger the update and restart the browser to ensure that you’re on the latest version as soon as possible.

Considering how many users keep Chrome and all their tabs opened for days or even weeks without ever restarting the browser, the security impact is real.

In the meantime, if you haven’t done so yet, you should update and relaunch Chrome; and don’t worry about your tabs, they will come right back.

Sources:

Malwarebytes Labs, Mashable