Google fixes zero-day flaw in Chrome and Chrome OS
Flaw created by memory corruption bug in FreeType font-rendering library
Project Zero, Google’s security team responsible for finding these vulnerabilities, discovered hackers were using the bug to attack Chrome users’ systems. Google patched Chrome’s flaw a few days ago, and has now rolled out a fix for Chrome OS.
Other functional changes in the Chrome OS update include fixes for the 'Clear all' button and 'Pairing lost' notification, and flags for modifying the protection level against Spectre.
If you’re uncertain whether your Chrome OS is up to date or not, here’s how to find out if there’s a Chrome OS update:
- Click the “Settings” gear icon on the lower right corner of your screen
- Click “About Chrome OS” on the bottom of the left panel
- Find your Chrome OS version under “Google Chrome OS”
- Click “Check for updates”
- Your Chromebook will automatically download an update if one’s available
- Restart your Chromebook to complete the update
Two days ago, Google also launched Chrome version 86.0.4240.111, which included a patch for Chrome’s zero-day security vulnerability.
Users should have the Chrome patch by now, but you can check if your Chrome browser is up to date with these steps:
- Open your Chrome browser and look the three vertical dots on the top right corner
- If the dots are colored, there is a pending update
- Green means the update it less than two days old
- Orange means the update is about four days old
- Red means the update is a least a week old
- If the dots are colored, click them to open the menu
- Click “Update Google Chrome”
- Exit your Chrome browser and reopen it to complete the update
A zero-day security vulnerability is a previously unknown software flaw that would be of interest to the software developer or vendor. Cybercriminals and hackers can exploit this flaw to attack users, computer programs, data, other computers or a network.
Four cyber security essentials that your board of directors wants to know
The insights to help you deliver what they needDownload now
Data: A resource much too valuable to leave unprotected
Protect your data to protect your companyDownload now
Improving cyber security for remote working
13 recommendations for security from any locationDownload now
Why CEOS should care about the move to SAP S/4HANA
And how they can accelerate business valueDownload now