New Critical Security Bug in Chrome – Update Now
Google has issued a security warning for all users of its Chrome web browser. A new update for Chrome — version 81.0.4044.113 — is rolling out for Windows, Android, and Linux devices.
According to Google’s Chrome Releases Blog:
“…Security Fixes and Rewards
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.
This update includes 1 security fix. Please see the Chrome Security Page for more information.
[$TBD] Critical CVE-2020-6457: Use after free in speech recognizer. Reported by Leecraso and Guang Gong of Alpha Lab, Qihoo 360 on 2020-04-04
We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel…”
The vulnerability, a “use after free” bug, is of the RCE (Remote Code Execution) type, which is serious since it allows an attacker to run code on your computer.
“…In use-after-free bugs can allow an attacker to change the flow of control inside your program, including diverting the CPU to run untrusted code that the attacker just poked into memory from outside, thereby sidestepping any of the browser’s usual security checks or “are you sure” dialogs. That’s the most serious sort of exploit, known in the jargon as RCE, short for remote code execution, which means just what it says – that a crook can run code on your computer remotely, without warning, even if they’re on the other side of the world.”
The new update contains only security fixes and rewards, and the company is not sharing any details about the bug as of now. In a short note, Google explains, “Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”
Chrome version 81.0.4044.113 is rolling out now for Windows, Mac, and Linux. Check your version of Chrome this way:
- Click the 3 vertical dots in the top-right corner of Chrome
- Click on “Help”, then “About Google Chrome”
- You’ll see your current version of Chrome. If you are running version 81.0.4044.113 (or newer if you’re reading this at a future date) it will say your version of Chrome is up to date.
- If you’re not running the new version of Chrome, it’s important that you update immediately.
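For anyone who has to repeat this check across several machines, the comparison against 81.0.4044.113 can be scripted. The following is an added example, not part of the original article or of Google's advisory: the function names are hypothetical, the host names and version lines in the sample inventory are constructed, and it assumes each line has the shape printed by `google-chrome --version` on Linux.

```shell
#!/bin/sh
# Added example: flag Chrome builds older than the fixed release in the article.
FIXED_VERSION="81.0.4044.113"

# Extract the first four-part version from text such as
# "Google Chrome 81.0.4044.92" (assumed shape of `google-chrome --version`).
extract_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# Succeed if version $1 >= version $2, comparing field by field as integers.
# A string comparison would wrongly rank 81.0.4044.92 above 81.0.4044.113.
version_ge() {
    case "$1$2" in *[!0-9.]*) return 2 ;; esac   # digits and dots only
    old_ifs=$IFS; IFS=.
    set -- $1 $2                                  # split both versions into fields
    IFS=$old_ifs
    [ "$#" -eq 8 ] || return 2                    # expect 4 fields + 4 fields
    [ "$1" -gt "$5" ] && return 0; [ "$1" -lt "$5" ] && return 1
    [ "$2" -gt "$6" ] && return 0; [ "$2" -lt "$6" ] && return 1
    [ "$3" -gt "$7" ] && return 0; [ "$3" -lt "$7" ] && return 1
    [ "$4" -ge "$8" ]
}

# Print "patched <v>", "needs-update <v>" or "unknown" for one version line.
chrome_status() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then
        echo "unknown"
    elif version_ge "$v" "$FIXED_VERSION"; then
        echo "patched $v"
    else
        echo "needs-update $v"
    fi
}

# Constructed sample inventory: "<host> <version line reported by that host>".
while read -r host banner; do
    printf '%s\t%s\n' "$host" "$(chrome_status "$banner")"
done <<'EOF'
ws-01 Google Chrome 81.0.4044.113
ws-02 Google Chrome 81.0.4044.92
ws-03 Google Chrome 80.0.3987.163
ws-04 Google Chrome 83.0.4103.61
ws-05 command not found
EOF
```

Hosts reported as `needs-update` or `unknown` are the ones to follow up on manually using the steps above.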