Use Chrome? Update Now to Fix Major Security Bug

John Lister's picture

Google has released a security update fixing a major flaw in the Chrome browser. While Chrome normally updates automatically, it's a serious enough problem that it's worth manually checking for updates to the browser in order to be certain.

The bug was highlighted by the Center for Internet Security, a non-profit organization that crowd sources security problems and fixes. It says the flaw could be exploited simply by the user visiting a compromised web page.

It says that: "Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of the browser, obtain sensitive information, bypass security restrictions and perform unauthorized actions, or cause denial-of-service conditions." (Source: cisecurity.org)

The main mitigating factor is whether the user is logged in to their computer's operating system with administrative privileges enabled. If not, the effects of any exploitation would be more limited. The downside is that most users have accounts with administrative access, which means that it is very few users that would not be affected by the bug.

Full Bug Details Kept Secret

There's no word yet on whether the details of the bug are known in the hacking community, or if it's being actively exploited. Google has confirmed the bug exists but isn't publishing any details until it's confirmed "a majority of users" have received a fix. (Source: googleblog.com)

The bug is fixed in the latest edition of the stable channel of Chrome. That's the "standard" version of Chrome used by most people, rather than the various versions that release features early but may be more buggy.

How to Check for Chrome Updates

The updated version is numbered 76.0.3809.132, which includes the bug fix. To check if the latest version is installed, users can click on the settings menu icon (three vertical dots in the top-right corner) then select "Help" and finally "About Chrome."

As well as listing the version number, the resulting screen will confirm if the latest version is installed. If not, there'll be an option to immediately update Chrome, which will involve restarting Chrome in order to apply the update.

What's Your Opinion?

Do you check if your browser is up to date or are you happy to rely on automated updates? Do you know if you use your computer with administrator privileges enabled? Should Google warn users more explicitly about major bugs or is it not a problem as long as fixes are automatically applied?

Rate this article: 
Average: 5 (10 votes)

Comments

Doccus's picture

I don't restart my Mac or log out very often.. sometimes not for many weeks, even. So I had no idea that my Chrome auto update was stuck and was not updating at all.. in fact, I even had to force quit chrome since it wouldn't even restart. So no telling how long i would have continued with version 3809.100 .. although if chrome is trying to update I usually get strange symptoms like having to click the close buttons. I don't know if the fact that all my sites suddenly had me logged out. but restarting Chrome fixed it. Thanks for the heads up...