Google Alerts Users to Update Chrome as Attackers are “Actively Exploiting” a Bug

After announcing a zero-day vulnerability that it said attackers are “actively exploiting”, Google has alerted the users of its Chrome browser to update to the latest version right away, Engadget ^(https://www.engadget.com/2019/03/07/chrome-update-zero-day/) is reporting. If you’re on Chrome’s stable channel, then the latest update should install version 72.0.3626.121 with the fix.

Google

According to Chrome security engineer Justin Schuh, what makes this bug different from previous exploits is that  the browser needs to be restarted for the fix to take effect. 

Google’s blog post also notes that the bug was being used in concert with a second exploit attacking the Windows operating system, although it may only impact people running Windows 7 32-bit systems.

“Pursuant to Google’s vulnerability disclosure policy, when we discovered the vulnerability we reported it to Microsoft. Today, also in compliance with our policy, we are publicly disclosing its existence, because it is a serious vulnerability in Windows that we know was being actively exploited in targeted attacks. The unpatched Windows vulnerability can still be used to elevate privileges or combined with another browser vulnerability to evade security sandboxes”.

Google has also confirmed that Microsoft is already working on a fix, although no exact date has been provided for its release.