Google is advising anyone who uses the Chrome browser to make sure their browsers have the latest update, which patches a “high” risk security flaw that hackers are already exploiting on unsuspecting victims.
It’s common practice when bugs are disclosed to not immediately share details of how they work until a majority of users have a security patch. The practice allows companies like Google to notify users, and roll out updates, without tipping off any potential bad actors.
While little is known about how the threat, called CVE-2019-5786, works, Justin Schuh, Google’s Chrome engineering and security desktop lead, tweeted on Tuesday that everyone should update their Chrome browser “right this minute” on every device.
First reported on February 27th, Google was quick to release an update two days later on March 1st to address the issue. In all likelihood, your Chrome browser updated itself automatically, but if you want to check, go to Help >About Google Chrome, and make sure you’re on version 72.0.3626.121. If not, update right away.
The (relatively) good news is that, as of yesterday, Google has “only observed active exploitation against Windows 7 32-bit systems,” so if you’re on Windows 10 (or even Windows 8), you’re probably in the clear. Nevertheless, there’s no point in taking any risks, so be sure that your browser is up to date, and if it isn’t, update today.