Chrome Users: Update Now to Patch Critical Bug

John Lister's picture

Google has issued a critically important update to its Chrome browser due to a nasty zero day bug. The browser should update automatically for most users, but the bug is serious enough that it's a case of checking to ensure that the update has been successfully applied.

The update fixes three security problems, one of which is a critical. It means hackers were actively exploiting the problem before Google fixed it - meaning the update process gave users a zero day head start on the bad guys (hence the term, 'zero day exploit').

Perhaps unsurprisingly, Google isn't saying much at all about the bug, likely because there's a risk doing so could tip off other would-be attackers to try to figure out how the vulnerability can be exploited.

Security Barrier Could Be Bypassed

All that's publicly known is that it's a type of "confusion bug." In simple terms, it means attackers could trick Chrome into storing data into memory as if it were something innocuous that needed little security protection. In reality, the data could be used for another more sensitive purpose, having bypassed the security checks normally provided by Chrome or the operating system. (Source: sophos.com)

Google has also noted the bug involves V8, which refers to the way Chrome handles JavaScript. That could mean attackers were able to run scripts on "booby trapped" websites and get unwarranted access to the computer's memory.

Chrome normally updates itself automatically in the background, though this can be delayed if users keep a window open continuously or if Chrome isn't active in memory. There are several ways to double-check that Chrome up to date, discussed next.

How To Check if Chrome is Up To Date

The first is to look at the three vertical dots at the top-right of the browser, just below the cross symbol that closes Chrome. These are normally gray/black but will turn green if an update is pending. After a couple of days without the update, the dots turn orange and after a week they'll turn red. (Source: google.com)

Users can also click on the dots and look for "Update Google Chrome" in the drop-down menu. If it doesn't appear, then Chrome is up to date.

For even more reassurance, users can click on the dots, select "Help" and then "About Google Chrome." This will force the browser to check if an update is due. If not, it will list the current edition and confirm that "Google Chrome is up to date" along with a blue tick logo.

The 64-bit version of Chrome which is fully patched is version 80.0.3987.122. Anything less than that is considered not to be patched.

What's Your Opinion?

Do you ever check if your browser is up to date? How much do you trust automated updates? Should Google release more details about such bugs or keep them secret?

Rate this article: 
Average: 5 (5 votes)

Comments

doulosg's picture

My Chromebook is still on v79. It seems to update reliably, but apparently a ChromeOS patch has not yet been released. The other sites that mention it do not indicate if an update is forthcoming or if, somehow, ChromeOS itself is okay (presumably not).