The internet can sometimes be far from safe, especially when there are hackers who want to compromise our security. That said, Google Chrome has suffered active attacks in the last week, and now Google warns people to immediately update Google Chrome due to a security flaw known as CVE-2019-5786, or zero-day vulnerability.
According to ZDNet, updating the Chrome browser automatically fixed the issue with vulnerability, which is why it’s important for users to immediately check whether they are running the latest version, currently active 72.0.3626.121, preferably right after reading this article.
Google warned its users to update Google Chrome due to a security flaw via Google Chrome’s security lead and engineering director, Justin Schuh, who posted the warning on his Twitter account, saying it’s important to update “like right this minute.” If such a person posted something like that, then we can safely conclude that the flaw is real.
Also, seriously, update your Chrome installs… like right this minute. #PSA
— Justin Schuh 🗑 (@justinschuh) March 6, 2019
What is Zero-Day Vulnerability?
As explained on Forbes by Darvey Winder, zero-day vulnerability is a security flaw which was developed by hackers to harm your personal data, and thus your device. What makes this security flaw more prominent and harder to spot than others is that it takes effect before the ethical hackers or cyber security experts have actually detected them, leaving little to no time to fix the issue before too much damage is done.
The bad news is that the security flaw is already being exploited through older versions of Google Chrome. The good news, however, is that you can update Google Chrome and get rid of it for good.
There’s not much information about what CVE-2019-5786 precisely does at the moment, however Satnam Narang, a senior research engineer at Tenable described it on their website as “Use-After-Free (UAF) vulnerability in FileReader, an application programming interface (API) included in browsers to allow web applications to read the contents of files stored on a user’s computer.”
As ZDNet reports, there are malicious PDF files on the internet which are in use for exploiting the vulnerability.
“The PDF documents would contact a remote domain with information on the users’ device –such as IP address, OS version, Chrome version, and the path of the PDF file on the user’s computer,” it says in the report.
How to update Google Chrome?
To update Google Chrome due to the security flaw, open the browser and click “About Google Chrome,” which can be found in the Help section found in the drop-down menu along with bookmarks, history and other settings. Afterwards, Chrome will update automatically if there is a new version. While web browsers update automatically without an issue, it’s still good to check and be better safe than sorry.