Cybercriminals are constantly engaging in an arms race with tech companies. The moment a buggy piece of software is patched, hackers figure out a way to break it, which then prompts the tech companies to release yet another fix. It’s a vicious cycle, but it’s one that’s necessary to keep us all safe.
As for the updates themselves, the biggest priorities for tech companies are zero-day issues, which are typically patched before hackers have a chance to exploit the flaws in the wild. Tap or click here to see the most recent Windows update with three zero-day fixes.
If hackers understand how a glitch works, you can bet they’ll work to exploit it. That’s why some tech companies like Google are scant on details when new bug fixes are released. And now, Chrome just got a “critical” new patch with no official description of the bug. What could be the reason? Well, we might have an idea.
Google announces mysterious update for Chrome with no description for bug fixes
If you’re using Chrome right now, you need to take a moment to update as soon as you can. Google just announced a new patch for the web browser that fixes a “critical” level vulnerability.
This patch, version 81.0.4044.113, doesn’t go into much detail as to why the update is necessary, only highlighting the fact that it’s a priority download. This might sound odd, but it makes sense when you consider someone might be actively exploiting it.
Google said, “Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”
This means that once enough people are immune to the critical bug, we’ll find out the “why” behind the update. Let’s hope that’s soon because it can feel a bit odd installing an update without having the rationale in hand.
Related: Tap or click to see how Google’s hunt for zero-day exploits is benefiting Apple
How to get the update
To update Chrome, click the “Three Dot” icon and hover your mouse over Help. Then, click on About Google Chrome. Check that you have 81.0.4044.113 or later. If you aren’t up to speed, checking the version should automatically trigger an update.
If this doesn’t happen and you’re not on the current version, you may have to wait for Google to roll it your way. The company says that this update will be available for all users in the coming days to weeks. In the meantime, just be extra cautious when you’re online.
Could this update be the result of a malicious extension issue?
We don’t know the official reason for the update, but a new batch of Chrome-exclusive malware discovered in recent days could clue us in as to why.
Researchers from security firms PhishFort and MyCrypto have found 49 Chrome extensions that appear to engage in covert data harvesting without the permission of the user.
These extensions would log keystrokes, as well as hunt for personal information like login data and cryptocurrency information. Once this information is captured, it’s sent to a command-and-control server somewhere else on the web.
All of the extensions were Bitcoin and cryptocurrency-related, so if you have any extensions that help you manage your crypto portfolio, we recommend uninstalling them just to be safe.
Unfortunately, the specific names of all the extensions are unavailable. In a typical move for Google, the company removed all traces of these programs from the Chrome extension store once they were reported.
There’s no confirmation that these extensions and the bug fixes provided by the update are connected, but the fact that they happened in close succession is enough to raise an eyebrow or two. Just to be on the safe side, stay up to date.
At the very least, Google doesn’t have Microsoft’s track record for buggy updates. Tap or click here to see what the last big Windows update broke.