Google Chrome flaw leaves billions open to spyware attacks — update now!

Google Chrome flaw leaves billions open to spyware attacks — update now!
(Image credit: Future)

There's been an emergency security update released for Google Chrome in response to its fifth zero-day vulnerability discovered this year. According to a report from BleepingComputer, this latest zero-day (CVE-2023-5217) is extremely dangerous as hackers have come up with many ways to exploit the vulnerability. 

Google suggests all Chrome users update immediately to protect themselves. In a recent security post, the Google Chrome team explained that the latest update for macOS, Linux, and Windows included ten security fixes that address three major security flaws that leave users vulnerable. According to Google, it could take weeks for this security patch to reach all Chrome users, in most cases your browser will auto-update or prompt you, which is what I experienced as soon as I logged in this morning. 

The actual threat

The emergency update addresses three vulnerabilities, with CVE-2023-5217 being what's called a heap buffer overflow weakness in the VP8 encoding in libvpx. The weakness was discovered by Goole's Clément Lecigne from the company’s Threat Analysis Group (TAG) and it could lead to arbitrary code executions and app crashes. 

Google's TAG team, has historically had success locating and neutralizing serious zero-day attacks that are often used against celebrities and politicians, as well as journalists. A Google TAG team member, Maddie Stone recently tweeted a confirmation of the zero-day fix being implemented, although threat actors had already begun exploiting it. 

Although Google has not gone into further details, it has assured its over three billion users that this vulnerability has been discovered and fixed. However, once an attack like this becomes public knowledge, you will see copycat threat actors try to come up with their own exploit attacks. 

This is why it is very important you make sure to update Google Chrome ASAP!

How to stay safe

Google Chrome flaw leaves billions open to spyware attacks — update now!

(Image credit: Future)

Your best option to stay safe is to make sure that as soon as you notice the Update icon in the top right of your browser, click on it and update. If you want to know how to update Chrome manually, you start by clicking on the three-dot menu, opening Settings, and then going to About Chrome. Also,  Google also uses a color-coded warning system to let you know when new updates for its browser are available. 

Google even color codes update information, and they appear as a bubble right next to your username. The color will change based on when a new update is released. If you see a green bubble, it means the current update is two days old. If you see orange the update is 4 days old, while a red bubble indicates the update was released within the past week. 

If you want even. more protection, I would have a look at our best antivirus apps page. 

Mark Anthony Ramirez

Mark has spent 20 years headlining comedy shows around the country and made appearances on ABC, MTV, Comedy Central, Howard Stern, Food Network, and Sirius XM Radio. He has written about every topic imaginable, from dating, family, politics, social issues, and tech. He wrote his first tech articles for the now-defunct Dads On Tech 10 years ago, and his passion for combining humor and tech has grown under the tutelage of the Laptop Mag team. His penchant for tearing things down and rebuilding them did not make Mark popular at home, however, when he got his hands on the legendary Commodore 64, his passion for all things tech deepened. These days, when he is not filming, editing footage, tinkering with cameras and laptops, or on stage, he can be found at his desk snacking, writing about everything tech, new jokes, or scripts he dreams of filming.