Google Chrome needs to be updated right now, says security boss

Critical issue has been fixed – but that fix must be downloaded

Andrew Griffin
Thursday 07 March 2019 09:28 EST
Comments
Incognito mode in Chrome claims to let users browse the web privately without Google collecting their information
Incognito mode in Chrome claims to let users browse the web privately without Google collecting their information (AFP/Getty Images)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Google Chrome needs to be updated as soon as possible, its security boss has warned.

A critical security flaw inside of the browser is being used by hackers and could allow them to break into people's computers. The bug is already under attack, Google said when it announced it, meaning that cyber criminals are already trying to break into people's computers using it.

The issue has been fixed in the latest version of Chrome, Google has said. But that has not necessarily downloaded onto your computer, meaning people may still be in danger.

To fix the problem, open the drop down from the top right corner, go to help and click about Google Chrome. That will tell you what version you are running, as well as allowing you to update.

Chrome should be at least 72.0.3626.121 if it has been updated to fix the patch.

That is the advice of Chrome's head of security and desktop engineering. "Also, seriously, update your Chrome installs... like right this minute," posted Justin Schuh after the bug was fixed.

The vulnerability was related to an error in the way that Chrome uses memory, as part of a tool called FileReader. That allows web apps to read the contents of files that are stored on a computer – useful for a variety of features – and so could be used to break into people's sensitive documents.

The error happened when an app tried to read that memory even after it had been deleted, which opened up the problem. As a consequence, malicious code could be executed and hackers could find their way in through the browser.

Support free-thinking journalism and attend Independent events

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in