2 days Ago
Check your Chrome settings now Jaap Arriens/NurPhoto Chrome users are at risk from “previously unknown and highly sophisticated malware,” which prompted Google to issue a warning and an emergency update last month, and the U.S. government’s cyber defense agency to mandate users to update by April 17.
This update should now have downloaded to your device, but you need to check your settings where you may see a warning to restart your browser so the update can install. You should do this now — even if you have a raft of open tabs. These should reopen when the browser restarts, but even if not, the update takes precedent.
CISA’s update mandate formally applies to U.S. federal employees, but all users — enterprise and home — should take note.
Kaspersky , which discovered the vulnerability, warns that until updated, users are at risk from a one-click attack, with “no further action required to become infected” if you fall for a simple, email lure. Google has updated Chrome again since that attack warning, with April 1’s “promotion of Chrome 135 to the stable channel for Windows, Mac and Linux.” This update includes a raft of 13 further security fixes, albeit none as serious as last month’s.
“This particular exploit is certainly one of the most interesting we’ve encountered,” Kaspersky says, acknowledging that it “really left us scratching our heads, as, without doing anything obviously malicious or forbidden, it allowed the attackers to bypass Google Chrome’s sandbox protection as if it didn’t even exist.” It has been a fortnight since those warnings and there are now ten days left before CISA’s deadline expires. It’s during this period that risks increase for users, as attackers know they have limited time left to deploy their exploit.
The initial attacks targeted “media outlets, educational institutions and government organizations,” albeit that net could easily have widened since. The researchers warn that a second exploit was chained to mount attacks, albeit that has not been isolated and fixed as yet — as far as we know. The current update protects you from attacks — at least for now.
You can be sure the developers of the exploits will be working overtime. When you’ve finished reading this article, go to your settings and click on “Help—About Google Chrome,” then click “Relaunch.” You do have the option to click “Not now” to delay the restart, but my advice is to ensure the update installs today.
Beware, though, while normal tabs will reopen, your private browsing “Incognito” ones will not ..
