Google urges users to update Chrome immediately
Google is urging users to update Chrome across all platforms after a critical vulnerability was discovered and patched.
The vulnerability exploits a security flaw known as CVE-2019-5786. The security flaw is a memory management issue in Chrome’s FileReader which gives hackers the opportunity to inject and execute malicious code. Security researchers at Google and Microsoft have observed attackers using a combination of a patched Chrome vulnerability and an unpatched Windows vulnerability to take advantage of Windows 7 systems.
FileReader is a embedded program in most browsers that allows web apps to read the contents of a user’s local file system. The vulnerability identified by Google allows malicious code to leave Chrome’s security environment and run commands on the underlying OS.
Google is calling this a “zero-day” vulnerability, meaning that the bad guys figured out how to exploit it before the good guys were able to find and patch it.
The patched version of Chrome is 72.0.3626.121, released at the beginning of March 2019. To check your version number, type chrome://settings/help into the address bar. From there, you will be able to see your version number. Just going to that page will trigger an update check, and Chrome will prompt you to relaunch it when finished.
You should switch to a safer, more secure browser that values your privacy and security. You can download the latest version of Firefox here.