Google Chrome engineers have had to patch five dangerous zero-day flaws in the world’s most popular browser in the past three weeks alone. These types of vulnerabilities are dangerous because they are actively being exploited by hackers while remaining unknown to those who would want to mitigate the threat. And after patching a handful of these threats in recent weeks, Google has once again had to contend with another batch of zero-day exploits.
In a post online, the CISA said: “Google has released Chrome version 86.0.4240.198 for Windows, Mac, and Linux. This version addresses CVE-2020-16013 and CVE-2020-16017. An attacker could exploit one of these vulnerabilities to take control of an affected system. These vulnerabilities have been detected in exploits in the wild.”
The main advice the CISA offered to Google Chrome users was to ensure their browser was updated to version 86.0.4240.198.
They also pointed towards the website of the Center for Internet Security (CIS), which offered further details and guidance.
CIS said: “Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet.
“Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could view, change, or delete data.
“If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.”
They said the newly discovered Google Chrome flaws pose a high risk to large and medium government and business entities, with a medium risk to small government and business bodies.
The CIS added that the risk to home users was low. They also offered advice on how to stay safe, which included the following measures:
• Apply the stable channel update provided by Google to vulnerable systems immediately after appropriate testing
• Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack
• Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources
Google Chrome has a handy tool which allows you to automatically install updates, but in some cases you may need to manually prompt Google to install a patch.
You can head to the “About Google Chrome” section in your browser toolbar to double-check which version of Chrome you’re running and to scan for an update.
Alternatively, you may see a colour-coded icon of three vertical dots appear in the top right-hand corner of your screen, letting you know you need to update.
If you see these icons then here’s how to update…
• On your computer, open Chrome.
• At the top right, look at More.
• If an update is pending, the icon will be coloured:
– Green: An update was released less than 2 days ago.
– Orange: An update was released about 4 days ago.
– Red: An update was released at least a week ago.
To update Google Chrome:
• On your computer, open Chrome.
• At the top right, click More.
• Click Update Google Chrome. Important: If you can’t find this button, you’re on the latest version.
• Click Relaunch.
Published at Wed, 18 Nov 2020 04:01:00 +0000