Google: Update Chrome Immediately

Google has issued an urgent warning for Chrome users to update their browser if needed. That's because a security flaw is being actively exploited.

The flaw in question is referred to as a "zero-day exploit." In an ideal world, software developers discover a bug and get some time before hackers find out about it and start taking advantage. In this case, the hackers did so before Google could develop a fix and get it out to users.

Google is keeping the full details of the flaw secret for now to avoid giving even more criminals clues on how to exploit it. It says it won't say any more until the majority of users have the fix in place and it's checked to see if any third-party developers that rely on Chrome need to make their own fixes.

File Access Root of Problem

What is known is that the flaw involves the FileReader tool, which is how websites access details of files stored on a local computer. This could be needed for uploading a file to a site (for example), or sending an attachment to a message.

The flaw has to do with the way FileReader interacts with computer memory. In particular, flaw could mean hackers could execute files by remote, which means that malware could be installed without the user knowing about it. (Source: zdnet.com)

Checking For Update Is Easy

The bug was fixed with the latest version of Chrome, namely 72.0.3626.121. It began rolling out at the start of March but not everyone will have it yet. (Source: sophos.com)

Users have two ways to check they have the latest version. One is to open the settings menu (by clicking on the three vertical dots in the top right of the screen) then choosing "Help" and then "About Google Chrome." The other is to type "chrome://settings/help" (minus the quotation marks) into the address bar.

Either way will bring up the same screen, which shows the version number and a message saying whether or not Chrome is up to date. If not, there'll be an option to update immediately.

What's Your Opinion?

Has Google acted sufficiently to warn people about this problem? Does it lower your confidence in Chrome or are occasional security flaws inevitable? Should Google do more, for example by adding a warning to the Google search page if it detects somebody is running Chrome?