It hasn’t been a month since Chrome 81 was released, but Google has already pushed another update after confirming two new high-severity security risks.
Google released Chrome 81 to make the system more secure. Unfortunately, that’s not exactly going as planned. Just recently, the tech giant found new security threats that could allow cyber-criminals to take over compromised systems.
Google Chrome Threats
The discovered security vulnerabilities are Use-After-Free errors. The term Use-After-Free refers to a program continuing to access memory after that memory has been freed. This can cause programs in a system to crash.
But in the case of Chrome, the vulnerabilities are flaws that could lead to systems being exploited through arbitrary code execution or full remote code execution. Attackers can use this to take over vulnerable browsers. Because of this, Google wants everyone to update their Chrome browsers as soon as possible.
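To make the use-after-free class described above concrete, here is an added example (not code from Chrome or from the original article) of one defensive pattern: a small object pool that hands out generation-checked handles instead of raw pointers, so a reference kept past the free is rejected rather than silently reading whatever object reused the memory. All names (pool_alloc, pool_get, pool_free, handle_t) and the sample values are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Illustrative names and values; not taken from Chrome. */
#define POOL_SLOTS 4  /* constructed pool size for the demo */

typedef struct { uint32_t index, generation; } handle_t;
typedef struct { uint32_t generation; int in_use; char data[32]; } slot_t;

static slot_t pool[POOL_SLOTS];

/* Hand out a free slot together with the slot's current generation. */
int pool_alloc(handle_t *out, const char *value) {
    for (uint32_t i = 0; i < POOL_SLOTS; i++) {
        if (pool[i].in_use) continue;
        pool[i].in_use = 1;
        snprintf(pool[i].data, sizeof pool[i].data, "%s", value);
        out->index = i;
        out->generation = pool[i].generation;
        return 0;
    }
    return -1; /* pool exhausted */
}

/* Resolve a handle; NULL when it is out of range, freed, or stale. */
const char *pool_get(handle_t h) {
    if (h.index >= POOL_SLOTS) return NULL;
    const slot_t *s = &pool[h.index];
    if (!s->in_use || s->generation != h.generation) return NULL;
    return s->data;
}

/* Free a slot; bumping the generation invalidates every old handle. */
int pool_free(handle_t h) {
    if (pool_get(h) == NULL) return -1; /* stale handle: double free */
    memset(pool[h.index].data, 0, sizeof pool[h.index].data);
    pool[h.index].in_use = 0;
    pool[h.index].generation++;
    return 0;
}

/* Returns 1 if a handle kept past free is rejected after slot reuse. */
int stale_handle_rejected(void) {
    handle_t a, b;
    if (pool_alloc(&a, "object-A") != 0 || pool_free(a) != 0) return 0;
    if (pool_alloc(&b, "object-B") != 0) return 0; /* reuses A's slot */
    return a.index == b.index && pool_get(a) == NULL && pool_get(b) != NULL;
}

int main(void) { printf("stale rejected: %d\n", stale_handle_rejected()); return 0; }
```

With a raw pointer, the read through the old reference would have returned the second object's data; here the generation mismatch turns that into a detectable NULL.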
The two vulnerabilities are CVE-2020-6462 and CVE-2020-6461. They primarily affect the browser’s task scheduling and data storage capabilities, respectively.
According to Prudhvikumar Bommana, Google’s technical program manager, Qihoo 360 researcher Zhe Jin was the one who discovered the threats. He was awarded $10,000 for his discovery.
It should be noted that Qihoo 360 was also the one to discover an earlier vulnerability that prompted Google to make an update last April 15.
Criminal Tactics
Google has seemingly issued a gag order on the full details of the threats. However, the company will release the full details once most of the billions of Chrome users have updated their browsers.
Details are scarce on the severity of these issues. But since CVE-2020-6461 affects storage, it is possible that attackers could create harmful web pages and trick users into visiting them. Attackers could also use the same method to exploit CVE-2020-6462, the flaw in task scheduling.
Government Warning
Google isn’t the only one pushing everyone to update their Chrome browsers. The government, too, has acknowledged the threats. In fact, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) is advising everyone to update their browsers as soon as possible so that they don’t fall prey to attackers.
What You Can Do
The update will arrive on every Chrome browser eventually, but the automatic rollout could take a lot of time. This is why people should trigger the update manually rather than wait for it to roll out automatically.
This can be done by going to the About Google Chrome section of the browser, which shows the version of Chrome currently installed. If a newer version is found, the browser will suggest the update, and all the user needs to do is agree.
Images courtesy of Agnieszka Boeske and Shahadat Rahman/Unsplash