Update Google Chrome NOW: Hackers could hijack your computer using a flaw in the browser that lets them install malware without you knowing
- Google tells users to update the browser immediately due to a disruptive bug
- The bug is more dangerous as it targets Chrome directly not third party apps
- One bug was fixed but Google won’t reveal the full effect of the loophole yet
- Users must also actively reboot their computers in order to expel the flaw
Google’s lead security engineer has warned users to update Chrome immediately or risk having their system hijacked.
A security breach was uncovered by hackers on the desktop version of Chrome before the company itself realised.
It meant that Chrome browsers were ‘actively under attack’ before Google could create an update with bug fixes.
Delays like this give hackers a head start, and leave users’ systems vulnerable before an update is installed.
Google also highlighted that an actively reboot is required after installation in order to ‘nullify’ the flaw that could still be downloaded on the computer.
Google has warned users to update Chrome immediately if they don’t want their system hijacked (stock image). A security risk known as ‘CVE-2019-5786’ was revealed by hackers and left browsers exposed while the company created an updated version Chrome with bug fixes
Google’s lead security engineer Justin Schuh writing on Twiter, warned users: ‘Seriously update your Chrome installs… like right this minute.’
Mr Schuh added that unlike previous bugs found in Chrome which have targeted third-party software linked to the browser, this bug ‘targeted Chrome code directly’.
He said it is worth alerting users more publicly as the fix requires them to take the extra step of manually restarting the browser after the update to nullify the exploit had been downloaded.
Google announced one security fix to the flaw, called ‘CVE-2019-5786’, available with the 72.0.3626.121 version of Chrome.
On its website, Google said: ‘Google is aware of reports that an exploit for CVE-2019-5786 exists in the wild.
The exploit relates to a part of the Chrome software called FileReader, which allows web apps to read the contents of files stored on a user’s computer when allowed to by the user.
Google has not released any further details on the bug, saying: ‘Access to bug details and links may be kept restricted until a majority of users are updated with a fix.’
This is to prevent copycat hackers from using similar techniques to try and break into people’s accounts.
Experts say that the bug could even allow hackers to hijack computers remotely.
A security breach was uncovered by hackers before Google realised, which means browsers were exposed before the firm managed to create an update with fixes (stock). The update take less than a minute to install and using an old version could allow a malware attack
Users can update their version of Chrome by selecting the Help option from the browser’s menu bar and then the About Google Chrome option.
‘Access to bug details and links may be kept restricted until a majority of users are updated with a fix’, said Google.
‘We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed’, the blog said.
Google frequently releases new versions of its browsers to fix bugs that make the system vulnerable to attacks.
Most of the time, these are regularly made by Google before bugs are able to cause significant damage.
Chrome is the most commonly used web browser in the world, with more than two billion active users.