Posted on 03/08/2019 7:49:10 AM PST by dayglored
Google is urging users to update Chrome across all platforms after a critical vulnerability was discovered and patched.
The vulnerability exploits a security flaw known as CVE-2019-5786. The security flaw is a memory management issue in Chrome's FileReader which gives hackers the opportunity to inject and execute malicious code.
FileReader is a embedded program in most browsers that allows web apps to read the contents of a user's local file system. The vulnerability identified by Google allows malicious code to leave Chrome's security environment and run commands on the underlying OS.
Well-known Chrome security researcher Justin Schuh concisely addressed the urgency of this update on Twitter:
Also, seriously, update your Chrome installs... like right this minute. #PSA
Justin Schuh (@justinschuh) March 6, 2019
Google is calling this a "zero-day" vulnerability, meaning that the bad guys figured out how to exploit it before the good guys were able to find and patch it.
The version of Chrome you should be running is 72.0.3626.121, released at the beginning of March 2019. To check your version number, type chrome://settings/help into the address bar. From there, you will be able to see your version number. Just going to that page will trigger an update check, and Chrome will prompt you to relaunch it when finished. You can also manually download the latest version of Chrome here.
Stay safe out there.
Don’t have it, even though every ‘free’ app tries to install it.......................
I am sure I am like most and have Chrome set to automatically update. Got current version: Version 72.0.3626.121 (Official Build) (64-bit)
Put down the cat, coffee, beer pint, martini, whatever you're holding, and make sure you've updated Chrome (unless you enjoy being hacked)
*PING* for your lists...
Yeah Im going to lt Google, totally government-connected and selling its users info to anyone anywhere, supply me with my internet browser. Right.
I just checked, the version of Chrome I am running now is the right (latest) one. Must have updated automatically.
I checked and am up to date.
Thank you for the heads up!
Done automatically.
Who here’s stupid enough to still be using ANY google-linked program?
I mean, if I want my personal data, web-browsing history, passwords, credit card data and all that to go directly to the NSA/DOJ/INTERPOL I’d just send it to them, why use an intermediary?
:: FileReader is a embedded program in most browsers that allows web apps to read the contents of a user’s local file system ::
Yet, everyone will pass this by and dutifully update their Chrome. Then, they will get the security agreement, never read it and click “I Agree”.
Thanks for posting this. I’m running Chrome. And since yesterday why I try to go to the Verizon website, I get redirected to some fake site. Now maybe I know why.
Thank you.
They already have that stuff.
Hopefully they are reading FR—they might learn something!
Interesting! I am using the Brave browser. Just checked my version and this is what I got. Looks like Brave has "blended" with Google Chrome a little too closely for my personal comfort level.
Dayglored, what is your professional opinion?
p
Gargoyle products are not welcome on my machines so no problems here!
Never heard of it. I am stuck using the most popular browsers, so that I can frequently check our company websites to ensure they are working correctly. So I use chrome, which is over 75% of the browser market, Safari, and Microsoft Edge.
Google...shove it.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.