Google last week announced an update to its Chrome web browser that included a fix for a serious security flaw. However, not wanting to let evil hackers exploit the vulnerability, the browser maker did not reveal too many details, except that the flaw involves "use after free in speech recognition."
Thanks to Sophos security researcher Paul Ducklin, we now have some understanding of the why and how of the fix included in Chrome version 81.0.4044.113 for Windows, Mac, and Linux users, and of how to check whether the update has been applied.
According to Ducklin's post on NakedSecurity, Sophos' consumer blog, the Chrome bug could possibly allow an attacker to bypass "any of the browser's normal security checks or 'Are you sure' dialogs."
Like many use-after-free bugs, the bug could "allow an attacker to alter the flow of control inside the program, such as bypassing the CPU to execute untrusted code that the attacker has poked into memory from the outside," Ducklin said.
A "use after free" bug is when an application continues to use a block of running memory, or RAM, after it has been "freed" for use by another application. A malicious application can exploit this mistake by taking the freed memory block and tricking the application into unexpected behavior.
Since Google considers this bug "critical," Ducklin says the flaw likely allows remote code execution.
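The use-after-free mistake described above, as an added example in C that is not from Google, Sophos or the original article. A constructed four-slot pool stands in for the heap so the stale access is deterministic; the `Handle` type, the pool functions and the owner strings are hypothetical. It shows an unchecked stale reference reading the block's new owner, and a generation check rejecting it.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model: a 4-slot pool stands in for the heap, so the stale
   access is deterministic and involves no real undefined behaviour. */
#define SLOTS 4
typedef struct { char data[16]; unsigned gen; int in_use; } Slot;
typedef struct { int idx; unsigned gen; } Handle;   /* hypothetical type */
static Slot pool[SLOTS];

/* Allocate the first free slot and record its owner string in it. */
Handle pool_alloc(const char *owner) {
    for (int i = 0; i < SLOTS; i++) {
        if (pool[i].in_use) continue;
        pool[i].in_use = 1;
        snprintf(pool[i].data, sizeof pool[i].data, "%s", owner);
        return (Handle){ i, pool[i].gen };
    }
    return (Handle){ -1, 0 };               /* pool exhausted */
}

/* Free a slot; bumping the generation invalidates every older handle. */
void pool_free(Handle h) {
    if (h.idx < 0 || h.idx >= SLOTS) return;
    pool[h.idx].in_use = 0;
    pool[h.idx].gen++;
}

/* Unchecked read: trusts the index alone, like a dangling raw pointer. */
const char *read_unchecked(Handle h) { return pool[h.idx].data; }

/* Checked read: returns NULL when the handle is out of range or stale. */
const char *read_checked(Handle h) {
    if (h.idx < 0 || h.idx >= SLOTS) return NULL;
    if (!pool[h.idx].in_use || pool[h.idx].gen != h.gen) return NULL;
    return pool[h.idx].data;
}

/* Returns 1 if the stale handle reads the new owner's data when unchecked
   and is rejected when checked. */
int stale_read_sees_new_owner(void) {
    Handle a = pool_alloc("first-owner");
    pool_free(a);                            /* block is freed ...        */
    Handle b = pool_alloc("second-owner");   /* ... and handed out again  */
    int seen = strcmp(read_unchecked(a), "second-owner") == 0;
    int blocked = read_checked(a) == NULL && read_checked(b) != NULL;
    pool_free(b);
    return seen && blocked;
}

int main(void) { printf("%d\n", stale_read_sees_new_owner()); return 0; }
```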
Google has said that Chrome version 81.0.4044.113 will be rolled out "over the next few days/weeks," and for many desktop users the browser will update automatically. However, Ducklin recommends updating manually, just in case.
To reach the "About Google Chrome" menu option, look for the menu icon on the browser toolbar. It is usually located in the upper right corner and shows three stacked dots. If an update is pending, the three dots will be colored.
Green means that a Chrome update was released within the last two days, orange means that the update was released about four days ago, and red means that the update was released at least a week ago.
If the three dots are any color other than gray, click the icon, go to Help, and scroll down to "About Google Chrome" in the menu that appears.
When you open the About Google Chrome page, Chrome will automatically start checking for updates and will also show you the version of the browser you are currently running.
The version of Chrome you want is 81.0.4044.113 or later. If you are not running version 81.0.4044.113 or later, the "About Chrome" page will prompt you to update. You will need to restart your browser to apply the patch.
In the meantime, consider enabling automatic device updates. That way, when Google releases patches in the future, you will not have to perform updates via this manual method.