One of the most dreaded issues that software developers face is what is commonly known as the zero-day attack. Zero-day attacks can be devastating for one reason — they are security flaws that are already being exploited by hackers before the software developers are even aware of them.
As you can imagine, with these types of attacks, time is of the essence as developers race to patch the holes as quickly as they can to minimize the damage wrought by opportunistic hackers.
One such zero-day flaw in Google’s Chrome browser was recently revealed, and attackers have been actively exploiting it since at least last week. Read on and see if you’re protected from this latest round of Google Chrome attacks.
Chrome zero-day you need to know about
Google revealed on Wednesday that a previously unknown security flaw in its Chrome browser was under attack last week.
The security bug (CVE-2019-5786) was a “use-after-free” flaw in Chrome’s FileReader, an interface that all major web browsers use to allow web apps to read the contents of files stored on a user’s local computer.
Use-after-free vulnerabilities are common memory issues found in software. These errors happen when an app attempts to access memory after it has been freed. This could cause programs to crash or cause memory corruption that hackers can use to run malicious code.
This use-after-free flaw in Chrome apparently allowed hackers to slip malicious code past the browser’s security sandbox and run commands on the underlying operating system.
Google credits the discovery of the flaw to Clement Lecigne of Google’s Threat Analysis Group. The bug was reported on Feb. 27.
Are you protected from this zero-day?
Thankfully, Google quietly released an update last week to patch the flaw. Since it was a patch for a zero-day, the exact reason for the security fix was not publicly disclosed until Wednesday to contain the reach of the exploit.
According to Google’s Stable Channel Update blog, access to the bug details and links will be kept under wraps until a majority of Chrome users are updated with the fix, or for as long as the flaw still exists in third-party libraries.
So if you use Chrome on Windows, macOS or Linux, make sure you are on the latest version, 72.0.3626.121.
Chrome normally updates itself automatically after you restart it, but since the update contains a fix for an ongoing attack, please double check.
To check your version, click the Chrome menu that looks like three dots in the far upper-right-hand corner of the screen >> Help >> About Chrome. If your version is not up to date, Chrome will automatically download the update for you. Restart your browser to install it.
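If you look after more than one computer, the same check can be scripted. The sketch below is an added example, not code from Google or from the original article: it compares reported Chrome versions against the fixed version named above, 72.0.3626.121. It assumes the version text comes from About Chrome or from `google-chrome --version`, and the host names and sample versions are constructed.

```python
import re

# Version that contains the fix for CVE-2019-5786, as stated in the article.
PATCHED = "72.0.3626.121"

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version from text such as the output of
    `google-chrome --version`; return a tuple of ints, or None if absent."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def is_patched(text, minimum=PATCHED):
    """True if the version in `text` is at or above `minimum`.
    Compares numerically: as plain strings, "72.0.3626.96" sorts after
    "72.0.3626.121", which would wrongly mark an older build as fixed."""
    version = parse_version(text)
    if version is None:
        raise ValueError(f"no Chrome version found in {text!r}")
    return version >= parse_version(minimum)


def audit(inventory):
    """Map each host to 'patched', 'VULNERABLE' or 'unknown'."""
    report = {}
    for host, version_text in inventory.items():
        try:
            report[host] = "patched" if is_patched(version_text) else "VULNERABLE"
        except ValueError:
            report[host] = "unknown"  # no readable version: check by hand
    return report


# Constructed sample inventory (host names and version strings are made up).
SAMPLE_INVENTORY = {
    "laptop-01": "Google Chrome 72.0.3626.121",
    "laptop-02": "Google Chrome 72.0.3626.96",
    "desktop-03": "Google Chrome 71.0.3578.98",
    "kiosk-04": "command not found",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```

Any machine reported as VULNERABLE or unknown still needs the manual check and browser restart described above.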