Critical Chrome security flaw revealed — how to update now
Critical Chrome security flaw revealed — how to update now
Heads up, Google Chrome users: Patch your browsers if you can, because in that location's a security flaw that is currently existence used in active attacks.
The flaw is in the FreeType font library that underlies Chrome and all Chromium-based browsers, including Brave, the new Microsoft Edge, Opera, Vivaldi and dozens of others.
- Chrome won't clear your Google and YouTube information — fifty-fifty if you tell it to
- Best Android browsers for your favorite mobile devices
- Latest: WhatsApp is getting a huge update and Zoom should worry
A mistake in the way the FreeType library handles prototype sizes permits a memory buffer overflow, permitting hackers and malicious websites to run unauthorized code and possibly take over the browser.
"The stable channel has been updated to 86.0.4240.111 for Windows, Mac & Linux which will gyre out over the coming days/weeks," wrote Google Technical Plan Manger Prudhvikumar Bommana on the official Chrome blog Tuesday (Oct. twenty).
Because the flaw lies in Chromium, the open-source underpinnings of Chrome, other Chromium-based browsers will demand to be updated as well. We didn't see whatsoever updates available for Dauntless or Edge every bit of this writing October. 21.
How to update Chrome
To update Chrome manually on Windows and macOS, you can in nigh cases simply relaunch your browser and the update volition install automatically if an update is bachelor. (It was bachelor for Chrome on our chief Windows PC.)
Otherwise, click the three stacked dots at the upper right corner of the browser window, motion downwards the popular-up windows to Help, then click Most Google Chrome. A new tab will open and start the update if one is available, after which you take to relaunch the browser.
The update procedure is the aforementioned in Dauntless. In Edge, it's "Three Dots" --> Settings --> About Microsoft Border. Other Chromium derivatives may vary in their update procedures.
On Linux, Chrome updates depend on your distribution. (Ubuntu rolls Chrome updates into the regular daily updates as long as you take the update manager configured properly.) On mobile devices, the apps should prompt you to update when an update is available.
High severity
The FreeType flaw, listed as CVE-2020-15999 and classified as "Loftier" severity, was discovered by Google'south own Sergei Glazunov. Neither Bommana nor Glazunov gave details well-nigh who was exploiting this flaw, although Google is expected to post technical details on Oct. 26.
Simply considering Glazunov posted code for a patch on a FreeType developers' forum, information technology'south likely that other attackers will be able to figure out what'southward wrong and arts and crafts their own exploits.
Four other security flaws are patched in Chrome 86.0.4240.111 for desktop ranging in severity from "Loftier" to "Medium".
Bommana did not mention Chrome on mobile devices, but our Android version of Chrome got an update to version 86.0.4240.110 this forenoon, which is probably related. Our Chromebook updated to version 85.0.4183.131, which sounds similar it might be dissimilar.
Source: https://www.tomsguide.com/news/chrome-86-security-patch
Posted by: cannadygles1968.blogspot.com
0 Response to "Critical Chrome security flaw revealed — how to update now"
Post a Comment