Google has issued an urgent warning concerning a critical security bug found in its Chrome browser which could possibly put billions of users at risk.
Google is tight-lipped on the exact details surrounding the vulnerability which bears the codename “CVE-2020-6457” and is termed as “use after free” exploit – which typically means that hackers could take advantage to run untrusted codes by controlling the free memory on the system.
The flaw is particularly dangerous as it could affect all two billion Chrome users across all the major operating systems, including Windows, Mac and Linux.
The flaw was found by security experts at Sophos, who warned that it could be a remote code execution or RCE vulnerability that lets interlopers execute commands remotely.
In a blog post written by Sophos security researcher Paul Ducklin, the exploit is described as allowing the hackers, “to change the flow of control inside your program, including diverting the CPU to run untrusted code that the attacker just poked into memory from outside, thereby sidestepping any of the browser’s usual security checks or ‘are you sure’ dialog.”
The firm suggested that since the flaw impacts a majority of the users, Google will wait for users to install the patched version of Chrome browser before revealing more details.
Google has so far urged users to update their Chrome browsers to the latest version 81.0.4044.113. While the company is rolling out the patched version of Chrome, experts have warned users to manually check and update the browser to the latest version where possible
To ascertain that you’re using the latest version of Chrome, go to About Chrome in menu option in the browser. If your browser version is older than 81.0.4044.113, then you need to install the latest update released by Google. It is also advisable to activate automatic updates on the browser so that you’re always running the latest and most secured version of the browser.