There’s been an emergency security update released for Google Chrome in response to its fifth zero-day vulnerability discovered this year. According to a report from BleepingComputer, this latest zero-day (CVE-2023-5217) is extremely dangerous as hackers have come up with many ways to exploit the vulnerability.
Google suggests all Chrome users update immediately to protect themselves. In a recent security post, the Google Chrome team explained that the latest update for macOS, Linux, and Windows included ten security fixes that address three major security flaws that leave users vulnerable. According to Google, it could take weeks for this security patch to reach all Chrome users, in most cases your browser will auto-update or prompt you, which is what I experienced as soon as I logged in this morning.
The actual threat
The emergency update addresses three vulnerabilities, with CVE-2023-5217 being what’s called a heap buffer overflow weakness in the VP8 encoding in libvpx. The weakness was discovered by Goole’s Clément Lecigne from the company’s Threat Analysis Group (TAG) and it could lead to arbitrary code executions and app crashes.
Google’s TAG team, has historically had success locating and neutralizing serious zero-day attacks that are often used against celebrities and politicians, as well as journalists. A Google TAG team member, Maddie Stone recently tweeted a confirmation of the zero-day fix being implemented, although threat actors had already begun exploiting it.
Although Google has not gone into further details, it has assured its over three billion users that this vulnerability has been discovered and fixed. However, once an attack like this becomes public knowledge, you will see copycat threat actors try to come up with their own exploit attacks.
This is why it is very important you make sure to update Google Chrome ASAP!
How to stay safe
Your best option to stay safe is to make sure that as soon as you notice the Update icon in the top right of your browser, click on it and update. If you want to know how to update Chrome manually, you start by clicking on the three-dot menu, opening Settings, and then going to About Chrome. Also, Google also uses a color-coded warning system to let you know when new updates for its browser are available.
Google even color codes update information, and they appear as a bubble right next to your username. The color will change based on when a new update is released. If you see a green bubble, it means the current update is two days old. If you see orange the update is 4 days old, while a red bubble indicates the update was released within the past week.
If you want even. more protection, I would have a look at our best antivirus apps page.