Hackers attacking Google Chrome — what to do now

(Image credit: Shutterstock)

Google terminal nighttime (Dec. 13) patched the desktop version of the Chrome browser to fix v security flaws, including one high-take a chance "nil-24-hour interval" vulnerability that'due south likely already being exploited "in the wild" past attackers. Updates may not reach all users right away.

The new updates take the current version of Chrome on Windows, Mac and Linux to version 96.0.4664.110. Windows and Mac users generally need to only shut and relaunch the browser to starting time the update; Linux users may need to look for their distributions to bundle the patch into regular update cycles. (Android and iOS versions of Chrome get separate updates.)

To make sure your Chrome installation is up to appointment, click the three vertical dots on the summit correct of the browser window. Mouse down and hover your cursor to Help, so click About Google Chrome.

A new tab volition open that either shows you that your version is up-to-date, or will begin a download of the new version if you're on Windows or Mac. If the latter happens, you'll just need to relaunch the browser.

Some other widely used browsers that share Chrome's open-source underpinnings, including Microsoft Edge, Dauntless, Opera and Vivaldi, take non yet been updated to the new version. Microsoft may be waiting until its own December Patch Tuesday circular of updates are pushed out later today (Dec. 14).

Loss of memory

The vulnerability that's already being exploited involves a "use after free" issues in V8, Chrome's JavaScript engine, according to the official Chrome Releases blog mail service.

"Utilise after complimentary" implies that some procedure in V8 is not properly "returning" its block of allocated retentiveness space to Chrome's fundamental repository, creating an opportunity for a malicious process to seize the memory cake and hack Chrome from the within. The discovery of the flaw was credited to an anonymous researcher.

The other four flaws involved Chrome graphics rendering and software libraries. Although those flaws weren't publicly disclosed earlier yesterday, it's likely that some attackers will try to effigy out what the problems are and craft exploits appropriately. Google won't reveal the details of each one for another 30 days.

Google this year has patched at to the lowest degree a dozen flaws in Chrome that counted as "zero days", meaning the flaws were publicly known of and probable exploited before Google had a chance to patch them.

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has likewise been a dishwasher, fry cook, long-haul commuter, code monkey and video editor. He'due south been rooting around in the information-security infinite for more than than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random Tv set news spots and even chastened a panel give-and-take at the CEDIA home-applied science conference. You can follow his rants on Twitter at @snd_wagenseil.