Warning Issued For Millions Of Google Chrome Users

Google recently gave Chrome users a reason to quit its browser altogether, but for the millions who inevitably choose to stay, they now need to react quickly to a serious new upgrade warning. 

Google Chrome users must urgently update their browsers

SOPA Images/LightRocket via Getty Images

Google Just Gave Millions Of Users A Reason To Quit Chrome

Forbes Gordon Kelly

In a new blog post, Google has confirmed three “High” level vulnerabilities within Chrome 80, one of which (CVE-2020-6418) is a zero-day exploit that “exists in the wild”. This makes sticking on the current version of Chrome an immediate danger. Neowin notes that the zero day exploit is a Type Confusion hack which exploits JavaScript and deliberately causes errors in the browser through which hackers can run unrestricted code.

02/26 Update: today ZDNet has revealed another crucial upgrade in Google’s new Chrome 80 release: a switch to the AES-256 algorithm to hash passwords stored locally inside Chrome’s internal SQLite database. This severely impacts the ability of hackers to extract passwords from the browser and ZDNet reports that black markets are already running out of hacked data to sell as a result. Needless to say, when one door closes cyber criminals will look to open another but, for now, Chrome 80 can chalk up an important win making this upgrade even more important.

This switch to AES-256 has resulted in Chrome-saved passwords having a different format than they had before. Albeit tiny inside Chrome’s huge codebase, this small change has crippled AZORult’s ability to extract passwords from Chrome browsers.

In response, Google has released Chrome 80.0.3987.122 with patches for all three exploits and users around the world should be receiving update warnings in their browsers right now. If you haven’t you can trigger the update process manually by going to the three-dot menu in the top right corner of Chrome > Help > About Google Chrome. 

Google Chrome users can go into settings and manually trigger the update if they have yet to receive … [+] a warning.

Gordon Kelly

This is Chrome’s third zero-day vulnerability in a year (a relatively low number), but when they come they need to be taken seriously. As such, if you are the type of person who typically ignores Chrome’s nagging when updates come along, today is a day you really need to pay attention. 

So kudos to Google for reacting quickly, but if you’re reading this article in Chrome you now need to do the same. 


Follow Gordon on Facebook

More On Forbes

Google Pixel 4, Pixel 4 XL Review: Smart Phones, Dumb Decisions

Google Pixel 3a Review: The Best Smartphone Under $500

Apple iPhone 12: Everything We Know So Far

Apple AirPods Pro Vs AirPods: What’s The Difference?

Continue reading at Forbes