Update Google Chrome immediately. There is a bug that is being actively exploited to hijack peoples computers. (1 Viewer)

[Gromett]

 

[Wombles]

Thank you Gromett - done now & shared

In case anyone doesn't know how to update Chrome (I had to to ask) then click on the three dots in top right of screen, then Settings, then About Chrome on left which should bring up details of your version & option to Update then don't forget to click Relaunch at the end of that.

 

[The Dudess]

Done it - thanks Gromett and Wombles

^{_{Subscribers  do not see these advertisements}}

 

[JockandRita]

Done it - thanks Gromett and Wombles

Ditto Ann's post. Thanks chaps.

Jock.

 

[Figaro]

In case anyone doesn't know how to update Chrome (I had to to ask) then click on the three dots in top right of screen, then Settings, then About Chrome on left which should bring up details of your version & option to Update then don't forget to click Relaunch at the end of

I don't get any option to update, just -
App version
Operating system
Legal info
Nowhere an option to update ??
Android 7.0

 

[charliesgrandad]

Done it thanks

^{_{Subscribers  do not see these advertisements}}

 

[Boringfrog]

I don't get any option to update, just -
App version
Operating system
Legal info
Nowhere an option to update ??
Android 7.0

I thinks it's just for Windows and Mac...

 

[TheBig1]

go to help -> about google chrome

 

[Wombles]

I don't get any option to update, just -
App version
Operating system
Legal info
Nowhere an option to update ??
Android 7.0

Don't think the update is needed for Android but sure Gromett will advise.

^{_{Subscribers  do not see these advertisements}}

 

[Rob and Val]

Gromett

 

[Figaro]

Don't think the update is needed for Android but sure @Gromett will advise

Those were options in About Chrome

 

[Wombles]

Those were options in About Chrome

When using an Android device understand that Chrome should automatically update if using it so you should be fine.

^{_{Subscribers  do not see these advertisements}}

 

[Gromett]

For Android it is updated by the play store. On linux it is done in package manager.

 

[Gromett]

In Chrome books it will be done automatically.

 

[Coolcats]

I tend to stay away from tracking companies such as Google they are very data hungry. Firefox and duck duck go seems to give me evrery thing I need and use apple products as well. None of this is perfect but it’s better than giving google everything.

^{_{Subscribers  do not see these advertisements}}

 

[TerryL]

I don't normally use Chrome but it is installed. Opened it, went onto the About Chrome tab and it updated without me doing anything else.

Thanks for the tip-off guys.

 

[Baldybazza]

Thanks Gromett - all done
Bazza

 

[Vipar]

You can delete it and reinstall with the latest app

^{_{Subscribers  do not see these advertisements}}

 

[davejen]

Thanks Grommet and wombles, all done.
Cheers, Dave

 

[chesterfield hooligan]

 

[Holly's mum]

Done, thank you Gromett and to Wombles for explaining how to

^{_{Subscribers  do not see these advertisements}}

 

[Blossom]

Gromett
Done it thank you

 

[nomadic]

My thanks too Hromett, all done..

 

[scousebird]

Done, thanks Gromett

^{_{Subscribers  do not see these advertisements}}

 

[JohnJan]

Can you enlighten me as to where your information of "a bug" came from?

 

[JockandRita]

Can you enlighten me as to where your information of "a bug" came from?

Knowing Karl's background, there is every chance it came from an inside industry source................long before it gets to become public knowledge.

Cheers,

Jock.

 

[Gromett]

Can you enlighten me as to where your information of "a bug" came from?

Knowing Karl's background, there is every chance it came from an inside industry source................long before it gets to become public knowledge.

Cheers,

Jock.

Sorry no insider knowledge. But as a major part of my trade I have to follow security extremely closely to ensure my clients servers are secure.

I follow security mailing lists, security blogs, software development teams and news sites.

I also follow the major security experts on Twitter, which is where I got this one within minutes of the update being announced.

There is also a CVE database (Common Vulnerabilities and Exposures) which can be read to see what if any of your software is exposed.

CVE - CVE

CVE security vulnerability database. Security vulnerabilities, exploits, references and more

CVEDetails.com is a vulnerability intelligence solution providing CVE security vulnerability database, exploits, advisories, product and CVE risk scores, attack surface intelligence, open source vulnerabilities, code changes, vulnerabilities affecting your attack surface and software...

www.cvedetails.com

I don't post them all here because it would be a full time job and most wouldn't affect people. Most security bugs are only relevant if you are a specific target.
This particular bug though could be used by hackers in an indiscriminate trawl.

I try to post on here whenever I see one that could affect most if not all of us on here. Mainly browser bugs and the occasional OS bug.

Zero day bugs are bugs that are known by hackers but haven't yet been patched and may not even be known about by the author of the software. These are the most serious.
When a white hat hacker (good guy) finds one, he will privately contact the author of the software and let them know. He will provide details of the bug and a proof of concept (PoC) usually including example code on how to replicate it. The author of the software will then have a period of time to create a patch and release it.

After this period of time has passed, the details and the PoC are released to security researchers who can then apply any lessons learned to other software etc. It is at this point that the PoC can and does get out into the wild and script kiddies will start using it to hack systems that haven't been patched.

This is why you should always update your software. When a company releases a patch it is usually because a bug has been found with security implications and it is only a matter of time until the script kiddies get hold of the PoC and will start indiscriminately abusing it.

The other thing to be aware of, is that once a company releases and out of schedule patch it is likely this patch just fixes one part of the code. In software we have a tool called diff which allows us to look at the difference in the code from before the patch compared to after the patch. Using this a hacker can see what has been fixed and figure out why. He can then use this to create his own exploit before the bug has become widely known.

It really is a race between the release of the update and the black hats being able to exploit it. So the quicker you update the smaller the window of opportunity for them.

^{_{Subscribers  do not see these advertisements}}

 

[Gromett]

Here is an example of one of many tweets I see each day. I then have to check/remember/decide if this will impact any of my clients and take action if it does.

 

[Indy259]

Thank you both of you, have done it.

 

[HandyAndy]

Chrome!! *spit
I don't use it.
Firefox for the win here.

^{_{Subscribers  do not see these advertisements}}