Google: Update Chrome now as attackers are 'actively exploiting' a bug
Another bug attackers are exploiting targets Windows 7 systems.
Google Chrome tends to auto update quickly and silently, but you may want to make sure you're on the latest version right now, as the company announced a zero-day vulnerability that it said attackers are "actively exploiting." As Chrome security engineer Justin Schuh explained in a series of tweets, the thing that makes this different from previous exploits that usually targeted Flash, is that the browser needs to be restarted for the fix to take effect.
If you're on Chrome's stable channel, then the latest update should install version 72.0.3626.121 with the fix.
Google also alerted users that the bug was being used in concert with a second exploit attacking the Windows operating system. According to its blog post, it may only impact people running Windows 7 32-bit systems, and those people are encouraged to upgrade to a newer version of the OS, or install patches when/if Microsoft makes them available (seriously, it's time to move on).
This link has more context on the 0day attack observed against Chrome. Separately, I want to expand on why it was important to call out this attack more prominently than previous 0day attacks against Chrome. [1/3] https://t.co/9rGkXa6BoI
— Justin Schuh 🗑 (@justinschuh) March 7, 2019
This newest exploit is different, in that initial chain targeted Chrome code directly, and thus required the user to have restarted the browser after the update was downloaded. For most users the update download is automatic, but restart is a usually a manual action. [3/3]
— Justin Schuh 🗑 (@justinschuh) March 7, 2019