Update your Chrome browser. Right Now

Post Reply
User avatar
Addie
Posts: 33086
Joined: Mon Jun 15, 2009 6:22 am
Location: downstairs

Update your Chrome browser. Right Now

#1

Post by Addie » Thu Mar 07, 2019 7:48 am

Forbes
Google Confirms Serious Chrome Security Problem - Here's How To Fix It

Google Chrome's security lead and engineering director, Justin Schuh, has warned that users of the most popular web browser should update "like right this minute." Why the urgency? Simply put, there is a zero-day vulnerability for Chrome that the Google Threat Analysis Group has determined is being actively exploited in the wild. What does that all mean? Well, a vulnerability is just a bug or flaw in the code and while they all need to be fixed, not all of them either can be or are being exploited. A zero-day vulnerability is one that threat actors have managed to create an exploit for, a way of doing bad things to your device or data, before the good guys even knew the vulnerability existed. In other words they have zero days in which to issue a fix. The bad news for users of Google Chrome is that this particular zero-day vulnerability, CVE-2019-5786, is already being exploited by the bad guys. Which is why it's so important to make sure your browser has been updated to the latest patched version that fixes the vulnerability.

The problem explained

Although information regarding CVE-2019-5786 remains scarce currently, Satnam Narang, a senior research engineer at Tenable, says it is a "Use-After-Free (UAF) vulnerability in FileReader, an application programming interface (API) included in browsers to allow web applications to read the contents of files stored on a user's computer." Some further digging by Catalin Cimpanu over at ZDNet suggests that there are malicious PDF files in the wild that are being used to exploit this vulnerability. "The PDF documents would contact a remote domain with information on the users' device --such as IP address, OS version, Chrome version, and the path of the PDF file on the user's computer" Cimpanu says. These could just be used for tracking purposes, but there is also the potential for more malicious behavior. The 'use-after-free' vulnerability is a memory corruption flaw that carries the risk of escalated privileges on a machine where a threat actor has modified data in memory through exploiting it. That's why Google has issued the urgent update warning, as the potential is there for exploits to be crafted that could enable an attacker to remotely run arbitrary code (a remote code execution attack) whilst escaping the browser's built-in sandbox protection.

What to do next

Luckily this is an easy problem to fix, just make sure you do it as soon as you've finished reading this! First, head over to the drop-down menu in Chrome (you'll find it at the far right of the toolbar - click on the three stacked dots) and select Help|About Google Chrome. You could also type chrome://settings/help in the address bar if you prefer, which takes you to the same dialog box. This will tell you if you have the current version running or if there is an update available. To be safe from this zero-day exploit, make sure that it says you are running version 72.0.3626.121 (Official Build). If not, then Chrome should go and fetch the latest version and update your browser for you automatically.

User avatar
ZekeB
Posts: 15757
Joined: Mon Oct 12, 2009 10:07 pm
Location: Northwest part of Semi Blue State

Re: Update your Chrome browser. Right Now

#2

Post by ZekeB » Thu Mar 07, 2019 7:52 am

So says mine. I never update it. Apparently it does so on its own.
Ano, jsou opravdové. - Stormy Daniels

Nech mě domluvit! - Orly Taitz

User avatar
HeatherGray
Posts: 261
Joined: Sun May 08, 2016 9:06 pm
Location: Colorado
Occupation: retired systems analyst

Re: Update your Chrome browser. Right Now

#3

Post by HeatherGray » Thu Mar 07, 2019 7:56 am

Thanks, Addie. Mine was up to date, but it was good seeing the actual release number in the warning and that it agrees with mine.

User avatar
ZekeB
Posts: 15757
Joined: Mon Oct 12, 2009 10:07 pm
Location: Northwest part of Semi Blue State

Re: Update your Chrome browser. Right Now

#4

Post by ZekeB » Thu Mar 07, 2019 8:02 am

I use Chrome when I log onto Facebook. Malwarebytes always blocks a something.biz "hijack" whenever I first open Facebook. It's done this for months, long before this update.
Ano, jsou opravdové. - Stormy Daniels

Nech mě domluvit! - Orly Taitz

User avatar
Addie
Posts: 33086
Joined: Mon Jun 15, 2009 6:22 am
Location: downstairs

Re: Update your Chrome browser. Right Now

#5

Post by Addie » Thu Mar 07, 2019 8:03 am

Mine was up to date, too. I wasn't surprised, because Linux systems are updating constantly, it seems like.

User avatar
HeatherGray
Posts: 261
Joined: Sun May 08, 2016 9:06 pm
Location: Colorado
Occupation: retired systems analyst

Re: Update your Chrome browser. Right Now

#6

Post by HeatherGray » Thu Mar 07, 2019 8:06 am

Addie wrote:
Thu Mar 07, 2019 8:03 am
Mine was up to date, too. I wasn't surprised, because Linux systems are updating constantly, it seems like.
I run Linux also, but did a system update recently and couldn't remember if I had re-enabled the Google repository for Chrome.

User avatar
RTH10260
Posts: 21408
Joined: Tue Mar 02, 2010 8:52 am
Location: Near the Swiss Alps

Re: Update your Chrome browser. Right Now

#7

Post by RTH10260 » Thu Mar 07, 2019 8:07 am


User avatar
neeneko
Posts: 1657
Joined: Fri Jun 02, 2017 9:08 am

Re: Update your Chrome browser. Right Now

#8

Post by neeneko » Thu Mar 07, 2019 8:10 am

Addie wrote:
Thu Mar 07, 2019 8:03 am
Mine was up to date, too. I wasn't surprised, because Linux systems are updating constantly, it seems like.
Heh. My linux systems are probably my _least_ up to date. I almost never update them unless I have to.

User avatar
Addie
Posts: 33086
Joined: Mon Jun 15, 2009 6:22 am
Location: downstairs

Re: Update your Chrome browser. Right Now

#9

Post by Addie » Thu Mar 07, 2019 8:30 am

I'm the opposite. I'm not too tech-brained, so I tend to do what they tell me to do.
neeneko wrote:
Thu Mar 07, 2019 8:10 am
Addie wrote:
Thu Mar 07, 2019 8:03 am
Mine was up to date, too. I wasn't surprised, because Linux systems are updating constantly, it seems like.
Heh. My linux systems are probably my _least_ up to date. I almost never update them unless I have to.

User avatar
Addie
Posts: 33086
Joined: Mon Jun 15, 2009 6:22 am
Location: downstairs

Re: Update your Chrome browser. Right Now

#10

Post by Addie » Thu Mar 07, 2019 8:31 am

It's okay, dear Eurobot, it's okay :bighug:
RTH10260 wrote:
Thu Mar 07, 2019 8:07 am
:crying: :crying: :crying: nobody reads me Me MEMEMEMEME :crying: :crying: :crying:

User avatar
Foggy
Posts: 28317
Joined: Tue Jan 20, 2009 12:00 pm
Location: Fogbow HQ
Occupation: Dick Tater

Re: Update your Chrome browser. Right Now

#11

Post by Foggy » Thu Mar 07, 2019 8:38 am

I read Eurobot's post and made sure Chrome was updated before I got to this thread. :dance:
Every locked door has a key. - Emika Chen

User avatar
neeneko
Posts: 1657
Joined: Fri Jun 02, 2017 9:08 am

Re: Update your Chrome browser. Right Now

#12

Post by neeneko » Thu Mar 07, 2019 8:40 am

Addie wrote:
Thu Mar 07, 2019 8:30 am
I'm the opposite. I'm not too tech-brained, so I tend to do what they tell me to do.
I probably should, and for desktops I do, but all the linux machines I work with are servers and updating those can be a nightmare since I never know what it might break and impact other people.

User avatar
Mikedunford
Posts: 10414
Joined: Mon Dec 06, 2010 9:42 pm

Re: Update your Chrome browser. Right Now

#13

Post by Mikedunford » Thu Mar 07, 2019 12:55 pm

Thanks to all who pointed this out. Not only was I able to update, I was able to tell my students to update, and connect it to today's seminar on network information security regulation - so win-win-win! :thumbs: :thumbs:


Hidden Content
This board requires you to be registered and logged-in to view hidden content.
"I don't give a fuck whether we're peers or not."
--Lord Thomas Henry Bingham to Boris Johnson, on being asked whether he would miss being in "the best club in London" if the Law Lords moved from Parliament to a Supreme Court.

Post Reply

Return to “Computers & Internet”