Cybersecurity warnings from Google scare Chrome users

On April 15, 2020, Google released a new and much-awaited update for Google Chrome on Windows, Linux, and Mac computers. At the same time, Google issued a security warning to Google Chrome users, saying that the new update includes a fix for a critical security flaw.


Google did not disclose much information about the new update for Google Chrome (version 81.0.4044.113) at the time of the announcement, but it did release a warning for around two billion Google Chrome users regarding a critical security flaw across Windows, Linux, and Mac computers. Google also said that access to the bug details and links about this security flaw would remain restricted until a majority of users have downloaded the update for Google Chrome. The company also stated that they will “retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.” In the same blog post, the only information that Google provided was the identifier for the issue (CVE-2020-6457), a vague description of the issue (Use after free in speech recognizer.), and the names of the people who reported it as well as the date when the issue was reported (Reported by Leecraso and Guang Gong of Alpha Lab, Qihoo 360 on 2020-04-04).


However, Paul Ducklin, a security researcher at Sophos, wrote a post at NakedSecurity, the company’s consumer blog, further explaining what the bug is and why Google considered it “critical.” According to him, the security flaw that Google announced allows a cyberattacker to sidestep Chrome’s security checks and “are you sure” dialog boxes. This means that, like other “use-after-free” bugs, it could allow someone to run untrusted code on your computer’s CPU and “change the flow of control inside your program.” Since the critical security flaw found in Chrome allows what is called RCE, or remote code execution, anyone can run code on your computer remotely without warning, even if that person is on the other side of the world. While Google said that the update would be rolled out over the days and weeks following the announcement, Ducklin advises Google Chrome users to install the update manually just to be sure.

If version 81.0.4044.113 has already been installed on your Google Chrome, either automatically or manually, then there is nothing you should worry about. If you have not updated your Google Chrome yet, you may follow these steps to install this update:


1. Open Google Chrome on your Windows, Linux, or Mac computer.
2. To check the version of your browser, locate the three dots in the upper right-hand corner of the browser window and then navigate to Help > About.
3. If you still have not downloaded this update, Google Chrome should prompt you to do so.
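If you look after more than one computer, the same version check can be scripted. The following is an added example, not part of the original post or any Google tooling: it assumes version text in the form "Google Chrome 81.0.4044.113", and the host names and version strings in the sample inventory are constructed.

```python
import re

# Fixed build named in the article; earlier builds are treated as unpatched.
FIXED_VERSION = (81, 0, 4044, 113)

# Matches a four-part Chrome version number anywhere in a string,
# e.g. in "Google Chrome 81.0.4044.113".
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the version as a tuple of four ints, or None if absent."""
    match = VERSION_RE.search(text)
    if match is None:
        return None
    return tuple(int(part) for part in match.groups())


def classify(text):
    """Label one version string as 'patched', 'vulnerable' or 'unknown'."""
    version = parse_version(text)
    if version is None:
        return "unknown"
    # Tuple comparison is numeric per component, so 81.0.4044.92 sorts
    # below 81.0.4044.113 (a plain string comparison would get this wrong).
    return "patched" if version >= FIXED_VERSION else "vulnerable"


def audit(inventory):
    """Map each host in {host: version string} to its classification."""
    return {host: classify(text) for host, text in inventory.items()}


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = {
    "laptop-01": "Google Chrome 81.0.4044.113",
    "laptop-02": "Google Chrome 81.0.4044.92",
    "desktop-03": "Google Chrome 80.0.3987.163",
    "desktop-04": "Google Chrome 83.0.4103.61 beta",
    "kiosk-05": "command not found",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts reported as "unknown" returned no readable version and should be checked by hand using the steps above.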


Not downloading this update not only leaves you, your computer, and your browser vulnerable to a potential attack; you will also miss out on one of Google Chrome’s newest features, tab groups. Updating your Google Chrome will give you an exciting new feature along with relevant security fixes.