Chrome is the most popular browser on the web by a huge margin, so it should come as no surprise that hackers are trying to crack it again.
They’re relying on a zero-day flaw found in the desktop and Android versions of Chrome this time. This comes just days after Google’s Project Zero team discovered a critical flaw in the browser’s sandbox mode. Tap or click here to see how to patch that bug.
Unlike with previous security flaws, Google is unusually tight-lipped about how this exploit works. What they are saying, though, is that hackers are abusing the bug right now. If you use Chrome for desktop or Android, you need to update it immediately.
We don’t know what this bug does, but we do know it’s dangerous
Google announced an emergency update for Chrome to fix a critical security flaw that hackers are already exploiting. As of now, there are two new versions of Chrome for users to download: Version 86.0.4240.183 for desktop and version 86.0.4240.185 for Android.
Google isn’t saying how this bug works or what hackers can do with it, but the update comes on the heels of a separate patch that fixed a problem with Chrome’s FreeType font library. Tap or click here to see how hackers could attack you through a malicious font file.
If you update to the latest Chrome version, you won’t have to worry about getting the FreeType patch. This new version contains fixes from the previous update and additional security enhancements, and the new zero-day patch.
Desktop Chrome users can get the patch now as a free update. Android users, on the other hand, have a tougher situation.
Because there are so many different kinds of Android devices, Google isn’t rolling out the Chrome patch to every device at once. If no update is available, you may need to use an alternative browser for a while.
How can I protect myself and get the patch?
Updating the desktop version of Chrome is easy. If you don’t see the update just yet, you may have to wait a few days for it to reach your device. You’re also safe to update if Google releases a newer version in the meantime.
Follow these steps to update your browser:
- Click the three-dot icon in the upper-right corner of the Chrome browser window.
- Click Settings.
- Click About Chrome from the bottom of the left-hand sidebar.
- If an update is available for you, it will appear under the Chrome logo. You will be asked to install and relaunch your browser to complete the update.
Android users will need to update their browser to get the latest version of Chrome.
- On your device, open the Google Play Store.
- At the top left, tap Menu And then My apps & games.
- Under Updates, look for Chrome Chrome.
- Next to Chrome, tap Update.
The new update will be version 86.0.4240.185. If you don’t see it, Google hasn’t pushed it for your device yet.
Because Google said getting updates to every Android device may take some time, it’s a good idea to switch to another browser for now. We’d recommend using Firefox due to its enhanced security features.
Once you’ve installed Firefox, tap the three-dot icon followed by Settings. Then, tap Set as default browser to change Firefox to your default web browser. This will prevent Chrome from opening up when you tap on links.
Check your updates regularly to see if the new version of Chrome is available. It may be a few weeks before it reaches your device, but you’ll be better off if you stay on the safe side and avoid using the browser.
Google explicitly warns that hackers exploit this bug against Android users, so use caution when browsing the web. It’s easy enough to get hacked on Android as it is.