If you’re using Google Chrome, you should update your browser right away.
The Chrome team recently released a critical update that fixes a zero-day vulnerability that they say attackers are “actively exploiting.”
Chrome security engineer Justin Schuh explained why updating is essential with this particular vulnerability in a series of tweets. According to Schuh, past zero-day vulnerabilities targetted Chrome through Flash.
Chrome handles Flash as a plugin component, which means the team could update it separately from Chrome and switch the browser to the new plugin version without any user interaction.
https://twitter.com/justinschuh/status/1103763265119707136
Schuh says this exploit targets Chrome code directly, instead of going through Flash. As such, the patch comes through a Chrome update and requires a browser restart.
Google pushed the update out to all Chrome platforms on March 1st, so your browser should already have the update. You may still need to restart your browser to apply it, however.
To check, click on the menu button in the top right of the browser (the three dots). Go down to ‘Help,’ then click ‘About Google Chrome.’ Make sure it says ‘Chrome is up to date’ and lists version number 72.0.3626.121 or higher. If it does, you’re good to go. If not, you can update Chrome from this menu and restart the browser to apply the update.
Google also reported a second zero-day vulnerability in Microsoft Windows that attackers were using in tandem with the Chrome vulnerability.
https://twitter.com/justinschuh/status/1103763266445037568
Google strongly believes the Windows security flaw can only be exploited in Windows 7, thanks to new exploit protections added in later versions of Windows. Further, the company has only observed active exploitation against Windows 7 32-bit systems.
As per Google’s vulnerability disclosure policy, the company reported the Windows exploit to Microsoft when they discovered it. Further, Google has now disclosed the existence of the vulnerability as per its policy. Microsoft is working on a fix for the flaw.
Ultimately, Google suggests the best way to protect yourself is to upgrade to Windows 10. As for the Chrome flaw, make sure you’re up to date on that front as well, and you should be fine.
You can learn more about the vulnerability here.
MobileSyrup may earn a commission from purchases made via our links, which helps fund the journalism we provide free on our website. These links do not influence our editorial content. Support us here.