Run, do not walk, to check that Chrome has been updated to the latest version« Back to Tech Tips
Over the past couple of weeks we learned about two “zero-day” vulnerabilities from Google – one affecting Google Chrome and another in Microsoft Windows that were being exploited together.
What is a 0-day vulnerability, you ask? Well, It’s a security flaw in a software program that is discovered or known by the software vendor (in this case Google) but doesn’t have a patch in place to fix the flaw. So, “zero-day” refers to the fact that the developers have “zero days” to fix the problem. Because it has the potential to be exploited by cybercriminals, the developer has to work quickly to fix the issue to protect its users.
When Google discovered this 0-day in their own software they quickly remediated it by releasing an update for all Chrome platforms on March 1; this update was pushed through Chrome auto-update. Your job? Check to make sure that Chrome’s auto-update service has updated Chrome to version 72.0.3626.121 or later. Here’s how:
- Open a Chrome browser page enter the following into the address bar: chrome://settings/help
- You will see a message along these lines: Google Chrome is up to date | Version 72.0.3626.121 (Official Build) (64-bit)
- Hopefully our Google Chrome will be “up to date.” But if there is an update available, Chrome should go and fetch the latest version and update your browser for you automatically.
As for the Windows zero-day discovered by Google – they reported it to Microsoft and a fix should have been or will be pushed out soon. Be sure you are running Windows updates regularly! Google suggests, as a mitigation action, that users consider upgrading to Windows 10 if they are still running an older version of Windows, and to apply Windows patches from Microsoft when they become available.« Back to Tech Tips