Google has issued a critical update warning to its two billion Chrome users across the globe.
Having recently released the latest Chrome upgrade, the software giant is now alerting its billions of users to the potential risk they could face.
In a blog post, Google warned Windows, Mac, and Linux users of the potential risk posed by a critical bug.
Google urged its users to upgrade to the latest browser version, 81.0.4044.113, which will roll out in the days or weeks ahead. The company stated on its website that details and links about the bug will be kept restricted for the moment.
Moreover, Google guarantees that it will release the details of the bug once the majority of users have updated to the latest browser version.
The critical exploit CVE-2020-6457
The bug Google referred to in the post is tracked as CVE-2020-6457. The accompanying description reads, “Use after free in speech recognizer.”
Google did not provide more details on the bug, but the news began to spread. Questions arose, such as why the company would issue the warning quietly and keep the details of the vulnerability a mystery.
However, sources provided answers to these questions and revealed that the US government’s National Vulnerability Database marked CVE-2020-6457 as Reserved.
Furthermore, Sophos, a security specialist, described bugs marked “use-after-free” as the most serious kind of threat. Such a bug has the potential to make the CPU run untrusted code inserted from the outside.
It can disable the security warnings that an affected device is supposed to show before running a program. It can also sidestep the “are you sure” dialogs that are part of a browser’s usual security checks.
Without these security checks, it is easy for hackers to implant malware on target devices. The specialist labeled the bug as remote code execution (RCE). This means that hackers can run commands and code on a device without the user realizing that something is going on.
Scope of vulnerability
CVE-2020-6457 will continue to put Windows, Mac and Linux users at risk until they upgrade to the latest browser version. Chrome users running an older version of the browser remain susceptible to the bug.
Experts are calling on all Chrome users to check whether they are already running the latest browser version and not to rely on automatic updates once the upgrade rolls out.