If you're running a Chrome browser, update it now.

If you’re not running the latest version of Chrome (88.0.4324.150), you may be putting yourself at risk of attackers installing malware on your device or directing you to web pages that allow them to control your device remotely.

Chrome’s IT staff have identified a zero-day vulnerability in Chrome (see Chrome Releases: Stable Channel Update for Desktop), which means that it's an exploitable flaw in the software and you should patch Chrome as soon as possible.

To check if you’re up-to-date, open Chrome and go to the Settings page “About Chrome” by typing chrome://settings/help into the address bar. This will display your version number and automatically check for updates at the same time.

According to a report by Google’s Threat Analysis Group, it appears to be a campaign by what they believe were North Korean nation-state hackers -- called "ZINC" by Microsoft security researchers -- against cybersecurity professionals.

For more details, read New Chrome Browser 0-day Under Active Attack—Update Immediately!. See also a full description of the vulnerability, along with definitions of terms such as vulnerability, exploit and zero-day, in the article Chrome zero-day browser bug found – patch now! from Naked Security by Sophos.

 

General Alert
Security Alert

Written by pfalcon@brown.edu on