Hackers attacking Google Chrome — what to do now

1. Domicile
2. News
3. Security

Hackers attacking Google Chrome — what to do now

(Image credit: Shutterstock)

Update: Chrome for Android may be getting an important upgrade also, with the latest Canary build revealing a dialogue box that confirms whether you want to close down all your tabs .

Google terminal nighttime (Dec. xiii) patched the desktop version of the Chrome browser to fix v security flaws, including one high-risk "nil-day" vulnerability that's likely already beingness exploited "in the wild" by attackers. Updates may non achieve all users correct abroad.

The new updates take the current version of Chrome on Windows, Mac and Linux to version 96.0.4664.110. Windows and Mac users by and large need to but close and relaunch the browser to kickoff the update; Linux users may demand to wait for their distributions to bundle the patch into regular update cycles. (Android and iOS versions of Chrome get separate updates.)

To brand sure your Chrome installation is up to date, click the three vertical dots on the top right of the browser window. Mouse downwardly and hover your cursor to Help, and so click About Google Chrome.

A new tab will open that either shows you that your version is up-to-engagement, or volition brainstorm a download of the new version if you're on Windows or Mac. If the latter happens, you lot'll just need to relaunch the browser.

Some other widely used browsers that share Chrome'southward open-source underpinnings, including Microsoft Border, Brave, Opera and Vivaldi, have not yet been updated to the new version. Microsoft may be waiting until its ain December Patch Tuesday round of updates are pushed out later today (Dec. 14).

Loss of retentiveness

The vulnerability that's already beingness exploited involves a "use after free" bug in V8, Chrome's JavaScript engine, according to the official Chrome Releases blog post.

"Use afterward free" implies that some process in V8 is not properly "returning" its block of allocated memory space to Chrome's central repository, creating an opportunity for a malicious process to seize the retentivity block and hack Chrome from the inside. The discovery of the flaw was credited to an anonymous researcher.

The other 4 flaws involved Chrome graphics rendering and software libraries. Although those flaws weren't publicly disclosed earlier yesterday, it'south probable that some attackers volition attempt to figure out what the bug are and craft exploits appropriately. Google won't reveal the details of each i for another 30 days.

Google this year has patched at least a dozen flaws in Chrome that counted equally "nix days", significant the flaws were publicly known of and likely exploited before Google had a take a chance to patch them.

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has too been a dishwasher, fry cook, long-haul driver, lawmaking monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom'due south Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random Idiot box news spots and even moderated a console discussion at the CEDIA home-engineering science conference. You can follow his rants on Twitter at @snd_wagenseil.

Source: https://www.tomsguide.com/news/chrome-96-patch-2

Posted by: addisonfaren1994.blogspot.com

Share this post