Google warns of security flaws in Chrome and Windows
Google has warned Chrome users to update their browsers after the discovery of two ‘high severity’ zero-day vulnerabilities, which were being used by hackers to gain access to computers. The first software bug was in Chrome itself, while the second was in Windows, with Google warning that the two flaws were being used together. A zero-day vulnerability is one that’s already being used by hackers. Often, such flaws are spotted by security researchers, but Google said it had already seen these two being used by cybercriminals.
The attackers use the two flaws together, taking advantage of the bug in Chrome to attack other programs. Normally, Microsoft’s operating system prevents this from happening, but a weakness in Windows 7 allows applications to interact. The Chrome bug lies in a system built into the browser called FileReader, which is an API – a piece of code that allows applications to connect. This lets browsers or other apps see files, such as documents or photos, that are stored on your computer – handy if, for example, you want to upload a photo to attach to an email or share on social media. However, attackers have found a way to use it as a bridge to leap across from the browser to the operating system.
Google has already fixed the bug in Chrome, while at the time of writing, Microsoft was working on a fix for its side of the vulnerability. With the updated browser now secure, hackers will have to find a new route to the operating system.
How will it affect you?
Google pushed out an update that patched the flaw, then issued its warning, so any Chrome users should be immediately protected because the browser automatically downloads and installs updates. If you’re not sure whether your version of Chrome is up to date and secure, check the version number by clicking the three-dot menu button in the top-right corner of the browser and choosing Settings, Help, About Google Chrome. Alternatively, type chrome://settings/help in your address bar and press Enter. If your version number is 72.0.3626.121 or later, you’re safe from this particular flaw. If you’re not up to date, click the button to get the latest version.
The Windows vulnerability only seems to be present in Windows 7, because Microsoft has built tougher protections into newer versions of the operating system. If you’re using Windows 10, this flaw definitely won’t affect you, Microsoft has said, but the weakness in Windows 7 that let hackers take advantage of the Chrome bug still exists for the time being. That means any similar vulnerabilities found in other software could still leave you at risk, although there aren’t yet any specific threats to be worried about.
The advice to stay secure remains the same: keep your software up to date so you’re patched against the latest bugs, and use the most recent version of whatever operating system you favor. If you’re running Windows, it’s now best to use Windows 10 for security and peace of mind. Anyone remaining on Windows 7 has until January 2020 to upgrade, because after that point Microsoft will no longer offer security updates or support for computers running the decade-old OS.
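
If you look after more than one PC, the version check described above can be scripted. The Python sketch below is an added example, not part of the original article: the host names, inventory rows and finding labels are constructed for illustration, and only the fixed build number 72.0.3626.121 and the Windows 7 condition come from the text.

```python
FIXED_CHROME = "72.0.3626.121"  # fixed build number given in the article

def parse_version(text):
    """Turn '72.0.3626.121' into (72, 0, 3626, 121); ValueError if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Chrome version: {text!r}")
    return tuple(int(p) for p in parts)

def chrome_is_patched(version, fixed=FIXED_CHROME):
    # Compare numerically, field by field. Comparing the raw strings would
    # rank "72.0.3626.96" above "72.0.3626.121" because "9" sorts after "1".
    return parse_version(version) >= parse_version(fixed)

def triage(rows):
    """rows: (host, os_name, chrome_version) tuples. Returns {host: [findings]}."""
    findings = {}
    for host, os_name, chrome in rows:
        issues = []
        try:
            if not chrome_is_patched(chrome):
                issues.append("chrome-below-fixed-build")
        except ValueError:
            # An unreadable version is a finding, not a pass.
            issues.append("chrome-version-unreadable")
        # Per the article, the operating-system half of the attack only
        # affects Windows 7 and had no fix at the time of writing.
        if os_name.strip().lower().startswith("windows 7"):
            issues.append("windows-7-os-side-exposed")
        if issues:
            findings[host] = issues
    return findings

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = [
    ("pc-01", "Windows 10", "72.0.3626.121"),
    ("pc-02", "Windows 7", "72.0.3626.96"),
    ("pc-03", "Windows 7", "72.0.3626.121"),
    ("pc-04", "Windows 10", "unknown"),
    ("pc-05", "Windows 10", "73.0.3683.75"),
]

if __name__ == "__main__":
    for host, issues in triage(SAMPLE).items():
        print(host, ", ".join(issues))
```
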
What do we think?
This security scare highlights the merits of Google Chrome’s automatic update system. Most users will have been protected from the flaw in the browser well before they even heard any warning about the attacks.
This incident also shines a light on Windows 7 and those who still use that operating system. It’s easy to understand why some people stay loyal to Windows 7: it’s an excellent piece of software, upgrading probably means buying a new computer, and Windows 8 was notoriously buggy and irritating to use. But Windows 10 is a return to form, and if your PC is relatively recent, has at least 20GB of hard-drive space and a 1GHz processor, you may be able to upgrade without buying new hardware.
Because Windows 7 is retiring next year, security problems will only get worse. If you’re still using a computer running Windows 7 – or know someone who is – it’s time to consider an upgrade. Any learning curve involved is worth the effort to keep you safe.