If you’re one of more than 2 billion users who have Chrome installed on their computer(s) and/or mobile device(s), you should be aware that a serious zero-day vulnerability has Google security researchers telling everyone to update it right now.
How to See If You Have the Latest Version of Google Chrome
To check and see if you have the latest version, open Chrome (or a new tab if you’re already using it) and type “chrome://settings/help” without the quotations into your address bar. This should take you to your “About Chrome” page. Alternatively, you can get there from the menu by clicking on the icon of the three dots at the right side of the ribbon, then click on Help, then click on About Google Chrome.
The “About Chrome” page should tell you your version number. Your version should be 72.0.3626.121, which was the most recent version released on March 1st. If it is, you’re safe. If not, there are two ways to update.
How to Update Google Chrome
- If you opened the About Chrome page and you weren’t up-to-date, Chrome should have automatically downloaded and installed the latest update.
- If you’re still not sure everything is patched, click on the icon of the three dots in the upper right corner of Chrome. If the ‘Update Google Chrome’ option does not appear in the drop-down menu, you are on the latest version. If it does, click that option to force the update and then relaunch your browser.
All set? Good. The vulnerability you patched is designated as CVE-2019-5786, and while Google hasn’t released many details on the specifics, we know that they have discovered some exploits leveraging this vulnerability being used in the wild. The flaw resides in the FileReader component of your browser, which is the piece of programming that lets Chrome applications read files on your computer, such as when you need to upload a file or attach something to an email via a webmail portal. It makes it easier for programmers to initiate a pop-up box allowing you to select from your local files. Through this vulnerability, is possible that if a user is tricked into opening a malicious webpage, an attacker may be able to run remote code and install malware without the user’s knowledge.
If you have Chrome installed on any operating system, be it Windows, MacOS, or a distribution of Linux, you are vulnerable. Always make sure you have the latest updates to stay protected.