Stop what you’re doing and update Google Chrome
Google is urging Chrome users to update the web browser right away to patch a zero-day vulnerability that is being actively exploited.
In a Tuesday tweet, Google Chrome Security and Desktop Engineering Lead Justin Schuh said users should install the latest version of the browser—72.0.3626.121—right away.
“Seriously, update your Chrome installs… like right this minute,” he wrote.
Google started rolling out the patch for Chrome on Windows, Mac, and Linux on Friday. This week, Google revealed that the update corrects a “high” severity flaw—CVE-2019-5786—that has been under attack by cybercriminals.
“Google is aware of reports that an exploit for CVE-2019-5786 exists in the wild,” the web giant said.
A member of Google’s Threat Analysis Group first reported the bug on Feb. 27. At this point, details of the vulnerability are scant, as Google said it’s restricting access to bug details until a majority of users have installed the update.
As ZDNet notes, the vulnerability is “a memory management error in Google Chrome’s FileReader—a web API included in all major browsers that lets web apps read the contents of files stored on the user’s computer.” The bug may allow for the execution of malicious code.
For the most part, Chrome updates are automatic, meaning you don’t have to do much beyond opening and closing the browser window. It can take a few days to a full week for everyone to be automatically updated to the latest version, however. In this case, you should manually trigger the update to ensure that you’re on the latest version as soon as possible.