An important zero-day vulnerability affecting Google Chrome has been patched, and Google wants you to install the update as soon as possible. The company has emphasized that attackers have been actively exploiting the vulnerability.
Google Chrome’s Security Lead and Engineering Director, Justin Schuh, took to Twitter to explain the vulnerability. In his tweets, he explained that past zero-day attacks went after Chrome by using Flash as the exploit target. Flash could be updated separately, and Chrome would automatically switch to the fixed Flash. The new exploit was different.
He tweeted: “initial chain targeted Chrome code directly, and thus required the user to have restarted the browser after the update was downloaded. For most users the update download is automatic, but restart is usually a manual action.”
Google said in its blog post that this vulnerability was being used in tandem with another exploit that was attacking Windows 7 32-bit systems. The Windows vulnerability patch is in the works, but the Chrome vulnerability was patched with the CVE-2019-5786 security update. Google has asked its users to verify that their Chrome has already updated to 72.0.3636.121 or later. The company also thanked all the cybersecurity researchers who worked with it to prevent these bugs from reaching the stable channel.