Google has issued a warning to its two billion chrome users a new critical warning. First identified by security specialist Sophos, Google has quietly issued a warning that the Google Chrome browser has some critical security flaw affecting Windows, Mac and Linux. The company is urging users to upgrade to the latest version of the browser (81.0.4044.113).
Google’s blog does not mention much information regarding bugs and flaws and states “Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”
It does however vaguely mention “[$TBD] Critical CVE-2020-6457: Use after free in speech recognizer. Reported by Leecraso and Guang Gong of Alpha Lab, Qihoo 360 on 2020-04-04”
Some digging revealed that the exploit has been marked as ‘Reserved’ by the US government’s National Vulnerability Database.
Shedding some light upon this issue, Sophos explains “I]n some cases, use-after-free bugs can allow an attacker to change the flow of control inside your program, including diverting the CPU to run untrusted code that the attacker just poked into memory from outside, thereby sidestepping any of the browser’s usual security checks or “are you sure” dialogues.
That’s the most serious sort of exploit, known in the jargon as RCE, short for remote code execution, which means just what it says – that a crook can run code on your computer remotely, without warning, even if they’re on the other side of the world.”
The new 81.0.4044.113 is rolling out for Windows, Mac and Linux right now. You can check your Chrome version by clicking the three vertical dots in the top right corner of the browser then navigating to Help > About.