Chrome updates are generally interesting because of new features, such as new ways to group tabs. But in recent weeks, there have been more important reasons to update Chrome.
In a post on the Bitdefender Hot For Security blog, the security firm urges people to download Chrome version 86.0.4240.198 for Windows, Mac, and Linux, which was released yesterday (November 11). According to Bitdefender, the update addresses "two critical flaws."
The official Chrome release blog ranks the severity of these flaws (tagged as CVE-2020-16013 and CVE-2020-16017) as "high."
Prudhvikumar Bommana, Chrome Technical Program Manager, wrote that Google is "aware of reports of CVE-2020-16013 and CVE-2020-16017 exploits in the wild."
This means that someone is already using these flaws to attack Chrome users; according to Bommana's limited description, these flaws appear to affect the way Chrome handles JavaScript and intercepts website activity It appears to affect the way Chrome handles JavaScript and intercepts website activity.
Links to the Chromium developer's blog regarding these two exploits are locked for now.
As Bommana writes, "Access to the bug details and links may be limited until the majority of users are updated with a fix. Access will also be restricted if the bug resides in a third-party library and other projects depend on it as well, but have not yet been fixed.
In other words, Google does not want more people to take advantage of these flaws, which will almost certainly affect other Chromium-based browsers such as Brave, Microsoft Edge, Opera, and Vivaldi.
These are the fourth and fifth "zero-day" flaws, vulnerabilities that are not known to hackers until they start using them, reported in the past month, including Chrome for Android. The previous three were all discovered by Google's own Project Zero team, but Google attributes the latest two to anonymous researchers.
Project Zero also found three zero-day flaws in Apple's iOS and one in Microsoft's Windows, all of which have been fixed. Google has suggested that some or all of these flaws may be part of state-sponsored espionage.
This is easy: just update Chrome. Anyone can do this, even computers with administrator privileges locked down by their employer.
Click here to learn how to update Chrome manually.
The update procedure is very similar for Brave, Edge, and other Chromium-based browsers.
Chrome will often update on its own if you close and restart the browser. However, considering the advice from Google, I suggest you update Chrome now. I did the update the moment I finished writing this article and will be going to my parents' computer to do the same.
Comments