Google has patched a rather serious zero-day exploit in the desktop and Android versions of the Chrome browser.
According to Google's own Chrome Releases blog (via Android Police), the search giant patched a serious "use-after-free" flaw related to the FileReader API. This API allows websites and other web-based services to read files stored on a user's computer. But the flaw lets hackers break out and execute potentially malicious code on a device.
What made Google's fix even more pressing was the apparent admission that the flaw was being used in attacks, as opposed to a vulnerability that was only found in a closed, security environment. In fact, Chrome security lead Justin Schuh tweeted (h/t: ZDNet) that users should update their browser installs right now.
Also, seriously, update your Chrome installs… like right this minute. #PSA
— Justin Schuh
(@justinschuh) March 6, 2019
In any event, you should update your Android and desktop versions of the Chrome browser to version 72.0.3626.121 via the buttons below.
No comments:
Post a Comment