After announcing a zero-day vulnerability that it said attackers are “actively exploiting”, Google has alerted the users of its Chrome browser to update to the latest version right away, Engadget is reporting. If you’re on Chrome’s stable channel, then the latest update should install version 72.0.3626.121 with the fix.
According to Chrome security engineer Justin Schuh, what makes this bug different from previous exploits is that the browser needs to be restarted for the fix to take effect.
This link has more context on the 0day attack observed against Chrome. Separately, I want to expand on why it was important to call out this attack more prominently than previous 0day attacks against Chrome. [1/3] https://t.co/9rGkXa6BoI
— Justin Schuh (@justinschuh)
Google’s blog post also notes that the bug was being used in concert with a second exploit attacking the Windows operating system, although it may only impact people running Windows 7 32-bit systems.
“Pursuant to Google’s vulnerability disclosure policy, when we discovered the vulnerability we reported it to Microsoft. Today, also in compliance with our policy, we are publicly disclosing its existence, because it is a serious vulnerability in Windows that we know was being actively exploited in targeted attacks. The unpatched Windows vulnerability can still be used to elevate privileges or combined with another browser vulnerability to evade security sandboxes”.
Google has also confirmed that Microsoft is already working on a fix, although no exact date has been provided for its release.