Update Google Chrome NOW: Hackers could hijack your computer using a flaw in the browser that lets them install malware without you knowing
- Google tells users to update the browser immediately due to a disruptive bug
- The bug is more dangerous as it targets Chrome directly not third party apps
- One bug was fixed but Google won’t reveal the full effect of the loophole yet
- Users must also actively reboot their computers in order to expel the flaw
Google’s lead security engineer has warned users to update Chrome immediately or risk having their system hijacked.
A security breach was uncovered by hackers on the desktop version of Chrome before the company itself realised.
It meant that Chrome browsers were ‘actively under attack’ before Google could create an update with bug fixes.
Delays like this give hackers a head start, and leave users’ systems vulnerable before an update is installed.
Google also highlighted that an actively reboot is required after installation in order to ‘nullify’ the flaw that could still be downloaded on the computer.
Google has warned users to update Chrome immediately if they don’t want their system hijacked (stock image). A security risk known as ‘CVE-2019-5786’ was revealed by hackers and left browsers exposed while the company created an updated version Chrome with bug fixes
Google’s lead security engineer Justin Schuh writing on Twiter, warned users: ‘Seriously update your Chrome installs… like right this minute.’
Mr Schuh added that unlike previous bugs found in Chrome which have targeted third-party software linked to the browser, this bug ‘targeted Chrome code directly’.
He said it is worth alerting users more publicly as the fix requires them to take the extra step of manually restarting the browser after the update to nullify the exploit had been downloaded.
Google announced one security fix to the flaw, called ‘CVE-2019-5786’, available with the 72.0.3626.121 version of Chrome.
On its website, Google said: ‘Google is aware of reports that an exploit for CVE-2019-5786 exists in the wild.
The exploit relates to a part of the Chrome software called FileReader, which allows web apps to read the contents of files stored on a user’s computer when allowed to by the user.
Google has not released any further details on the bug, saying: ‘Access to bug details and links may be kept restricted until a majority of users are updated with a fix.’
This is to prevent copycat hackers from using similar techniques to try and break into people’s accounts.
Experts say that the bug could even allow hackers to hijack computers remotely.
A security breach was uncovered by hackers before Google realised, which means browsers were exposed before the firm managed to create an update with fixes (stock). The update take less than a minute to install and using an old version could allow a malware attack
Users can update their version of Chrome by selecting the Help option from the browser’s menu bar and then the About Google Chrome option.
‘Access to bug details and links may be kept restricted until a majority of users are updated with a fix’, said Google.
‘We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed’, the blog said.
Google frequently releases new versions of its browsers to fix bugs that make the system vulnerable to attacks.
Most of the time, these are regularly made by Google before bugs are able to cause significant damage.
Chrome is the most commonly used web browser in the world, with more than two billion active users.
HOW CAN YOU PROTECT YOUR INFORMATION ONLINE?
Because hackers are becoming more creative, security experts are warning that consumers need to take all possible measures to protect their identities (file photo)
- Make your authentication process two-pronged whenever possible. You should choose this option on websites that offer it because when an identity-specific action is required on top of entering your password and username, it becomes significantly harder for fraudsters to access your information.
- Secure your phone. Avoiding public Wifi and installing a screen lock are simple steps that can hinder hackers. Some fraudsters have begun to immediately discount secure phones altogether. Installing anti-malware can also be beneficial.
- Subscribe to alerts. A number of institutions that provide financial services, credit card issuers included, offer customers the chance to be notified when they detect suspicious activity. Turn those notifications on to stay informed about credit card activity linked to your account.
- Be careful when issuing transactions online. Again, some institutions offer notifications to help with this, which will alert you when your card is used online. It might also be helpful to institute limits on amounts that can be spent with your card online.