Google Chrome Security Alerts Affect Billions: What to Do Now

Google last week announced an update to its Chrome web browser that included a fix for a serious security flaw. However, not wanting to let evil hackers exploit the vulnerability, the browser maker did not reveal too many details, except that the flaw involves "post-free use in speech recognition."

Thanks to Sophos security researcher Paul Ducklin, we now have some understanding of the fix included in Chrome version 81.0.4044.113 for Windows, Mac, and Linux users, and of why and how to check whether the update has been applied.

According to Ducklin's post on NakedSecurity, Sophos' consumer blog, the Chrome bug could possibly allow an attacker to bypass "any of the browser's normal security checks or 'Are you sure' dialogs."

Like many use-after-free bugs, the bug could "allow an attacker to alter the flow of control inside the program, such as bypassing the CPU to execute untrusted code that the attacker has poked into memory from the outside," Ducklin said.

A "use after free" bug is when an application continues to use a block of running memory, or RAM, after it has been "freed" for use by another application. A malicious application can exploit this mistake by taking the freed memory block and tricking the application into unexpected behavior.
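The reuse described above, as an added illustration that is not from Google, Sophos or the original article: a toy one-slot allocator (all names constructed for this example) shows a stale reference reading data written by the block's next owner, next to a generation-checked accessor that rejects the stale reference. It models the general bug class only, not the Chrome flaw, whose details the article says were not disclosed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy one-slot allocator (constructed for this example) so that reuse of
   freed memory is deterministic and no real undefined behaviour occurs. */
typedef struct { char data[16]; uint32_t generation; int in_use; } slot_t;
static slot_t pool;

/* A handle remembers which generation of the slot it was issued for. */
typedef struct { slot_t *slot; uint32_t generation; } handle_t;

static handle_t pool_alloc(const char *contents) {
    pool.in_use = 1;
    pool.generation++;                    /* new owner, new generation */
    memset(pool.data, 0, sizeof pool.data);
    strncpy(pool.data, contents, sizeof pool.data - 1);
    return (handle_t){ &pool, pool.generation };
}

static void pool_free(handle_t h) {
    if (h.slot->in_use && h.slot->generation == h.generation) h.slot->in_use = 0;
}

/* Buggy access: trusts the stale handle, like a raw dangling pointer. */
static const char *read_unchecked(handle_t h) { return h.slot->data; }

/* Hardened access: rejects a handle whose block was freed or re-issued. */
static const char *read_checked(handle_t h) {
    if (!h.slot->in_use || h.slot->generation != h.generation) return NULL;
    return h.slot->data;
}

/* Returns 1 when the stale handle observes the next owner's data. */
int stale_read_sees_new_owner(void) {
    handle_t a = pool_alloc("trusted");
    pool_free(a);                         /* block is "freed" */
    pool_alloc("untrusted");              /* same memory, different owner */
    return strcmp(read_unchecked(a), "untrusted") == 0;
}

/* Returns 1 when the checked accessor refuses the stale handle only. */
int checked_read_rejects_stale(void) {
    handle_t a = pool_alloc("trusted");
    pool_free(a);
    handle_t b = pool_alloc("untrusted");
    return read_checked(a) == NULL && strcmp(read_checked(b), "untrusted") == 0;
}

int main(void) {
    printf("stale read sees new owner's data: %d\n", stale_read_sees_new_owner());
    printf("checked read rejects stale handle: %d\n", checked_read_rejects_stale());
    return 0;
}
```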

Since Google considers this bug "critical," Ducklin says the flaw likely allows remote code execution.

Google has said that Chrome version 81.0.4044.113 will be rolled out "over the next few days/weeks," and for many desktop users the browser will update automatically. However, Ducklin recommends updating manually, just in case.

Look for the "About Google Chrome" menu option on the device toolbar. It is usually located in the upper right corner and has three overlapping dots. If an update is waiting, the three dots will be colored.

Green means that a Chrome update was released within the last two days, orange means that the update was released about four days ago, and red means that the update was released at least a week ago.

If the three dots are any color other than gray, click the icon and go to Help and scroll down to "About Google Chrome" in the window that appears.

When you open the About Google Chrome page, Chrome will automatically start checking for updates and will also show you the version of the browser you are currently running.

The version of Chrome should be 81.0.4044.113 or later. If you are not running version 81.0.4044.113 or later, the "About Chrome" page will prompt you to update. You will need to restart your browser to apply the patch.

In the meantime, consider enabling automatic device updates. That way, when Google releases patches in the future, you will not have to perform updates via this manual method.
