- Google has issued a critical update warning to its two billion Chrome users across the globe.
- A new security flaw labelled “critical” affects Chrome on Windows, Mac and Linux, and users are urged to upgrade to the latest version of the browser.
Search giant Google has issued a security warning for users of Chrome and asked them to update to the latest version, which patches the issue, writes Gordon Kelly for Forbes.
The browser update, version 81.0.4044.113, has been rolled out for Windows, Mac and Linux, Google posted on its support pages.
Having recently released the latest Chrome upgrade, the software giant is now alerting its billions of users to the potential risk they could face.
In a blog post, Google warned Windows, Mac, and Linux users of the potential risk posed by a critical bug.
Google urged its users to upgrade to the latest browser version, 81.0.4044.113, which will roll out in the days or weeks ahead. The company stated on its website that details of the bug and links about it will be kept restricted for the moment.
Moreover, Google guarantees that it will release the details of the bug once the majority of users have updated to the latest browser version.
The critical vulnerability CVE-2020-6457
The post identifies the vulnerability as CVE-2020-6457, with the description “Use after free in speech recognizer.”
Google did not provide more details on the bug, but news began to spread, along with questions such as why the company would issue the warning quietly and keep the details of the vulnerability a mystery.
However, sources provided answers to those questions and revealed that the US government’s National Vulnerability Database marked CVE-2020-6457 as Reserved.
Furthermore, Sophos, a security specialist, described bugs marked “use-after-free” as the most serious kind of threat, with the potential to make the CPU run untrusted code inserted from the outside.
Such a bug can disable the security warnings that a device is supposed to show before running a program. It can also sidestep the “are you sure” dialogs that are part of a browser’s usual security check.
Without that security check, it is easy for hackers to implant malware on target devices. The specialist labeled the bug as remote code execution (RCE), which means that hackers can run commands and code on a device without the user realizing that anything is going on.
Scope of vulnerability
CVE-2020-6457 will continue to put Windows, Mac and Linux users at risk until they upgrade to the latest browser version; Chrome users running an older version of the browser remain susceptible to the bug.
Experts are calling on all Chrome users to check whether they are already running the latest browser version, and not to rely on automatic updates once the upgrade rolls out.
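
For anyone checking more than one machine, the version check above can be scripted. The following is an added example, not code from Google or from the article: it compares reported Chrome version strings against the fixed build 81.0.4044.113, and the host names and inventory entries are constructed samples in the shape of what `google-chrome --version` prints on Linux.

```python
import re

# Fixed build named in the article.
FIXED_BUILD = "81.0.4044.113"

# Chrome versions are four dot-separated integers: MAJOR.MINOR.BUILD.PATCH.
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_chrome_version(text):
    """Return the first four-part version in `text` as a tuple of ints, or None."""
    match = _VERSION_RE.search(text)
    if match is None:
        return None
    return tuple(int(part) for part in match.groups())


def is_patched(reported, fixed=FIXED_BUILD):
    """True if `reported` is at or above the fixed build.

    Comparison is numeric per component, so 81.0.4044.92 < 81.0.4044.113
    (a plain string comparison would get this wrong). Unparseable input
    is treated as not patched so it gets a manual look.
    """
    version = parse_chrome_version(reported)
    if version is None:
        return False
    return version >= parse_chrome_version(fixed)


def unpatched_hosts(inventory, fixed=FIXED_BUILD):
    """Return sorted host names whose reported Chrome version is below `fixed`."""
    return sorted(host for host, reported in inventory.items()
                  if not is_patched(reported, fixed))


# Constructed sample inventory (hypothetical host names and version strings).
SAMPLE_INVENTORY = {
    "win-desk-01": "Google Chrome 81.0.4044.113",
    "mac-lap-07": "Google Chrome 81.0.4044.92",
    "lin-build-03": "Google Chrome 80.0.3987.163",
    "win-desk-02": "Google Chrome 81.0.4044.122",
    "kiosk-11": "version unknown",
}

if __name__ == "__main__":
    for host in unpatched_hosts(SAMPLE_INVENTORY):
        print(f"{host}: update Chrome to {FIXED_BUILD} or later")
```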