Google Warns Users of Two Zero-Day Vulnerabilities in Chrome
Ron Perillo / 9 months ago
Update Strongly Encouraged
Normally, some users have auto-update enabled. However, in case you are unsure, simply go to Settings > About Chrome then see if it the version number 72.0.3626.121 matches.
How is this Security Threat Different from Previous Exploits?
Google was quick to issue an update due to the way these exploits work. Instead of attacking a plugin, these vulnerabilities apparently target the Chrome code directly.
This newest exploit is different, in that initial chain targeted Chrome code directly, and thus required the user to have restarted the browser after the update was downloaded. For most users the update download is automatic, but restart is a usually a manual action. [3/3]— Justin Schuh 🗑 (@justinschuh) March 7, 2019
If it is just a plugin, Chrome is actually smart enough that it could silently update the plugin behind the scenes without any user intervention. Since this is a zero-day exploit, users have to manually close the program and restart. Even if the software update is installed.
So far, this issue seems to be only affecting Windows 7 users. This issue so far does not seem to involve Windows 8.1 or Windows 10 OSes. However, precaution is necessary and updating to the latest browser version is safer.