Billions at risk after ‘high-level’ Google Chrome hacks

Software updates happen all the time. It can be challenging to keep track of which are new updates and which ones are from a few weeks ago. But that is a good thing. It means that developers are actively trying to plug ongoing security issues.

Google’s Chrome browser is a good example. It has received three updates since September, with the latest one rolling out just last week. But updates are not always only about fixing security problems, as the previous one also brought some new features.

Unfortunately, coding in some updates has created vulnerabilities that require urgent patching. Here is what the latest update fixes and why you should download the latest version.

Here’s the backstory

Google didn’t want to divulge the exact nature of the most recent flaws, which is customary until users have installed the patch. But what we do know from a security blog post is that this update corrects four critical flaws.

All four have been tagged as high severity and span several processes. Two have to do with heap buffer overflow in WebRTC and Blink, while the others fix a “Use after free in Garbage Collection” problem and “Inappropriate implementation in Sandbox.”

Google’s Threat Analysis Group (TAG) explained that two of the flaws are considered zero-day exploits and mark the 13th such flaw of the year. It added that hackers figured out a way to trick Windows into accepting code signatures that OpenSSL code could not detect in certain security clearance scanners.

Essentially, a hacker could give themselves access to a building or website through their clearance.

The latest update comes after Google rushed to fix another zero-day exploit at the end of September. It seemed severe enough to warrant its own security patch, as Google usually bundles them together.

What you can do about it

You should always make sure that you are on the latest version of any software that you use. Updated versions will include security updates, and sometimes they will have new features too. Here’s how you update your Chrome browser:

  • Open Chrome
  • Click on the Menu button in the top-right corner (three stacked dots)
  • Hover your cursor over Help
  • Click on About Chrome

This will display the version you are currently on. If an update is available, it will automatically start downloading. Don’t forget to save whatever you are working on, as the browser needs to reload when the update is complete.
