Google wants you to update Chrome right now
Bottom line: Google is urging Chrome users to update their browsers immediately after a zero-day exploit that could give hackers direct access to a user’s OS has been found. The most recent version is 72.0.3626.121, and it’s the version you want to be running to make sure you’re safe from this exploit.
Google is urging users to update Chrome across all platforms after a critical vulnerability was discovered and patched.
The vulnerability exploits a security flaw known as CVE-2019-5786. The security flaw is a memory management issue in Chrome’s FileReader which gives hackers the opportunity to inject and execute malicious code.
FileReader is a embedded program in most browsers that allows web apps to read the contents of a user’s local file system. The vulnerability identified by Google allows malicious code to leave Chrome’s security environment and run commands on the underlying OS.
Well-known Chrome security researcher Justin Schuh concisely addressed the urgency of this update on Twitter:
Also, seriously, update your Chrome installs… like right this minute. #PSA
— Justin Schuh (@justinschuh) March 6, 2019
Google is calling this a “zero-day” vulnerability, meaning that the bad guys figured out how to exploit it before the good guys were able to find and patch it.
The version of Chrome you should be running is 72.0.3626.121, released at the beginning of March 2019. To check your version number, type chrome://settings/help into the address bar. From there, you will be able to see your version number. Just going to that page will trigger an update check, and Chrome will prompt you to relaunch it when finished. You can also manually download the latest version of Chrome here.
Stay safe out there.