Google revealed a "critical" security vulnerability in Chrome last week but remained tight-lipped about what exactly had gone wrong. We now have an idea, and "critical" is putting it lightly.
Sophos security researcher Paul Ducklin wrote in a blog post that the fix in Chrome version 81.0.4044.113 patches a vulnerability that lets attackers avoid Chrome's usual security checks (via Tom's Guide). It also bypasses what Ducklin calls "are you sure" dialog boxes -- those pop-ups that appear when you might be approving something you shouldn't.
The one detail Google provided in its security notice is that the bug is what's called a "use after free" vulnerability. These memory corruption bugs occur when a program keeps using a region of memory after it has been freed for reuse; an attacker who controls what lands in that freed memory can use the flaw to run malicious code.
In the case of this Chrome flaw, the use-after-free bug would let a bad actor "change the flow of control inside your program, including diverting the CPU to run untrusted code that the attacker just poked into memory from outside," Ducklin wrote.
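A toy model of the use-after-free pattern described above, added here as an illustration; it is not Chrome's code or anything published by Google or Sophos. All names (`widget`, `pool_alloc`, `click_checked` and the rest) are invented, and the one-slot pool stands in for a real heap allocator so the sequence runs deterministically.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy model (constructed): a one-slot object pool, so a "freed" slot is
   reused by the very next allocation, as a real heap allocator may do. */
typedef int (*handler_fn)(void);
typedef struct { handler_fn on_click; } widget;

static int trusted_handler(void)   { return 1; }   /* the intended code path */
static int untrusted_handler(void) { return 99; }  /* code the old owner never meant to run */

static widget   slot;        /* the pool's single slot */
static uint32_t generation;  /* bumped every time the slot is freed */
typedef struct { widget *ptr; uint32_t gen; } handle;

static handle pool_alloc(handler_fn fn) {
    slot.on_click = fn;
    return (handle){ &slot, generation };
}
static void pool_free(void) { generation++; }  /* outstanding handles are now stale */

/* Vulnerable: trusts the raw pointer, so a stale handle reads whatever
   the slot has since been reused for. */
static int click_unchecked(handle h) { return h.ptr->on_click(); }

/* Hardened: rejects a handle whose generation no longer matches the slot. */
static int click_checked(handle h) {
    if (h.gen != generation) return -1;  /* object was freed: refuse to use it */
    return h.ptr->on_click();
}

/* Runs the free -> reuse -> stale-use sequence through either accessor. */
static int use_after_free(int (*click)(handle)) {
    handle stale = pool_alloc(trusted_handler);
    pool_free();                    /* object released ...                */
    pool_alloc(untrusted_handler);  /* ... slot reused for different data */
    return click(stale);            /* ... old handle used anyway         */
}

int main(void) {
    printf("unchecked: %d\n", use_after_free(click_unchecked));
    printf("checked:   %d\n", use_after_free(click_checked));
    return 0;
}
```

The unchecked path follows the stale handle into the reused slot and runs the wrong handler; the generation check is one common way to make a stale handle fail closed instead.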
Google marked this vulnerability as "critical," which means attacks can be conducted remotely, that is, without an attacker gaining physical access to a system. If the flaw were present in all versions of Chrome, it could impact the two billion people who use Chrome as their preferred browser.
Google Chrome bug: How to protect yourself
This is all scary stuff but there is some good news. Google is expected to roll out the patch for Windows, Mac and Linux over the coming days and weeks.
Protecting your laptop or desktop is as simple as updating Chrome once the update comes through. To do so, press on the three vertical dots in the top-right corner of the browser. Choose Settings and select About Chrome on the left side of the screen. Chrome will automatically run a check for the latest version and update your browser (save your work because Chrome will relaunch once it's done updating).
If you're running Chrome version 81.0.4044.113 or later then you're safe. If you aren't, then continue checking for updates or enable automatic updates so you get crucial security patches as early as possible.
Phillip Tracy is the assistant managing editor at Laptop Mag where he reviews laptops, phones and other gadgets while covering the latest industry news. After graduating with a journalism degree from the University of Texas at Austin, Phillip became a tech reporter at the Daily Dot. There, he wrote reviews for a range of gadgets and covered everything from social media trends to cybersecurity. Prior to that, he wrote for RCR Wireless News covering 5G and IoT. When he's not tinkering with devices, you can find Phillip playing video games, reading, traveling or watching soccer.