Google has launched an emergency update for Chrome users worldwide. The US technology company is urging users to install the update as soon as possible – and is keeping its mouth shut about the full extent of the vulnerability plaguing users until it’s sure that the majority of people have patched the flaw.
The flaw is tracked as “CVE-2020-6457” and is listed as a “use after free” vulnerability.
Security researchers at Sophos uncovered the vulnerability. According to reports, the flaw is a Remote Code Execution (RCE) vulnerability that allows attackers to run commands and untrusted scripts behind your back.
In a blog post about the flaw, Sophos researcher Paul Ducklin said it could enable hackers “to change the flow of control inside your program, including diverting the CPU to run untrusted code that the attacker just poked into memory from outside, thereby sidestepping any of the browser’s usual security checks or ‘Are You Sure’ dialog.”
That means Google Chrome won’t double-check with users before allowing hackers to run their scripts. That could lead to devastating consequences for users.
According to Ducklin, the vulnerability could impact up to two billion users between Windows, macOS and Linux machines across the globe.
That’s devastatingly high. Fortunately, Google Chrome should keep itself up to date automatically – so you shouldn’t have to do much to ensure you’re shielded against the flaw. However, you can push things along a little quicker if you’re worried about the flaw.
To do that, launch your Google Chrome app on Windows 10 or macOS and click on the three-dots icon in the top right-hand corner of the browser window. In the dropdown, select Help > About Google Chrome. That should kickstart the update process.
Once your web browser has updated, you might need to click on the Relaunch button to launch the application again.