All Chrome Users Should Immediately Update their Browser

By

The Cybersecurity and Infrastructure Security Agency has released an email encouraging people to immediately update their version of Chrome.

CISA discovered a vulnerability in Chrome (running on Linux, macOS, and Windows) that could allow an attacker to exploit the browser and take control of the affected system. This vulnerability is a "Use-After-Free" issue, which is a class of memory corruption bug where a program continues to use a pointer after it's been freed. 

The update for Chrome is version 90.0.4430.212 and went live May 10. Any system using a version prior to that update is vulnerable to this Use-After-Free vulnerability. For any Linux chrome user on a managed system, the update should be automatic, so all that would be necessary is a restart of the browser (once you've been alerted). All other Linux users will have to either download the latest version of Chrome or run the update through their distribution package manager. One caveat to this is that the rollout of the new release will be happening over the coming days/weeks. At the moment, for the Linux operating system, the most recent version of Chrome is 90.0.4430.85, so be on the lookout for when Google releases the .212 update. 

You can check the official Google blog for release information.

05/17/2021
comments powered by Disqus