Millions of Google Chrome users need to update browser to stop high risk hacker threat

Google Chrome users need to make sure they download the latest update for the world’s most popular browser, which thankfully has fixed a ‘high severity’ flaw in the market-leading software. The vulnerability in question was rated 8.3 out of 10 on the industry standard CVSS scale. This is the second highest threat level that can be awarded to a vulnerability, behind ‘critical’ flaws.

As reported in a post on Threatpost, the flaw (CVE-2020-6492) would have enabled nefarious parties to execute arbitrary code on a victim’s machine.

If you’re unfamiliar with the lingo, in essence this type of attack is when a bad actor runs a piece of code on a victim’s machine in order to get admin access.

With these types of privileges, a threat actor could wreak havoc on a system – stealing sensitive data or adding and removing programmes without a victim noticing.

The threat which affected Google Chrome was highlighted by Cisco Talos’ Jon Munshaw who outlined the issue in a blog post on Monday.

Munshaw said: “The Google Chrome web browser contains a use-after-free vulnerability in its WebGL component that could allow a user to execute arbitrary code in the context of the browser process.

“This vulnerability specifically exists in ANGLE, a compatibility layer between OpenGL and Direct3D that Chrome uses on Windows systems.

“An adversary could manipulate the memory layout of the browser in a way that they could gain control of the use-after-free exploit, which could ultimately lead to arbitrary code execution.”

The flaw affected Google Chrome versions 81.0.4044.138 (Stable), 84.0.4136.5 (Dev) and 84.0.4143.7 (Canary).

Cisco worked with Google to devise a fix for the flaw, which is being rolled out in the Chrome 85 stable channel this week.

Thankfully, Google Chrome has an automatic update feature – the browser checks for patches regularly and applies them when you close and re-open the software.

However, if you haven’t closed your browser in a while, you might see a pending update.

Here’s how to check if you have a pending update for Chrome…

• On your computer, open Chrome

• At the top right, look at the More icon which is three dots arranged vertically

• If an update is pending, the icon will be coloured:

– Green: An update was released less than two days ago

– Orange: An update was released about four days ago

– Red: An update was released at least a week ago

If you need to update Google Chrome, here’s how to do it:

• On your computer, open Chrome

• At the top right, click More

• Click Update Google Chrome (Important: If you can’t find this button, you’re on the latest version)

• Click Relaunch

The discovery of the latest Google Chrome vulnerability comes after a major flaw was found earlier this month in the Chromium-based browsers Chrome, Opera and Edge.

The vulnerability allowed bad actors to bypass the Content Security Policy (CSP) on websites in order to steal data from visitors.

The flaw affected versions of Chromium-based browsers on Android, Windows and Mac.

And according to PerimeterX cybersecurity researcher Gal Weizman, it potentially affected billions of people.

Chrome browsers from version 73 released in March 2019 all the way through to the 83 build were affected.

The Chrome 84 patch released in July fixed the vulnerability.

source: express.co.uk