Chrome Zero Day

Google is advising all users on all platforms to update your Chrome install right this minute!

A zero-day exploit was recently discovered within Chrome’s FileReader that could allow the execution of malicious code. With the release of the latest Chrome patch last Friday March 1, the issue should be addressed but Google is urging its users to make absolutely sure their Chrome is up to the latest version 72.0.3626.121.

To update your Chrome install, click the vertical three dots in the upper right corner of the window and then click Settings. From the settings view, click the “hamburger stack” three lines in the upper left to open the settings panel.

Get to Chrome Settings

On the settings panel at the very bottom click on “About Chrome.” On the about screen you should see the current version of your Chrome install.

Chrome Relaunch

If this screen says “Google Chrome is up to date” and the version matches 72.0.3626.121 (at the time of this writing) then you are protected. Otherwise there will be a button to manually update. Click this button and Chrome should update and restart.

As of right now, details of this exploit are being kept restricted until the majority of Chrome users have been able to update their browsers.

The vulnerability exists within Chrome’s FileReader component, which is a standard API that allows web applications to read contents of files stored on a computer. The issue is the “user-after-free” flaw in the FileReader component, where the program clears previously used memory to be used somewhere else, could be exploited to run arbitrary code to allow the attacker to gain privileges on the computer.

This could be used to trick victims into opening malicious files or redirecting them to specifically crafted malicious web pages.

 

Please to not waste time and update your Chrome Browser!

 

Frankenstein Computers has been taking care of our happy clients since 1999. We specialize in IT Support, IT Service, MAC repair, PC Repair, Virus Removal, and much more.  Give us a call for remote support or drop in to drop off.