Google Chrome was carrying a serious vulnerability which has since been fixed through an update by the company and it has urged all users to upgrade to the latest version of the browser. There is a blogpost by Google which might have gone largely unnoticed, indicating that there existed an exploit identified as CVE-2020-6457. Google has not disclosed more details on the vulnerability but independent cybersecurity experts have dug into the details and found that the exploit stands marked ‘Reserved’ by the National Vulnerability Database of the United States. Google Chrome version 81.0.4044.113 takes care of this vulnerability.
If you have doubts if the Chrome browser on your Windows, Mac or Linux based system is running on this version, you can check yourself. Click on the three dots on the right top corner of the browser window. Click on Help>>About Chrome. You will get the version that is running. Match it with the above version. If you are still to have the latest version, get the update downloaded immediately. Your system may be vulnerable if you are running as older version.
Google’s description of the vulnerability stops at mentioning “use-after free in speech recognizer”. The longer explanation for this is that the use-after-free vulnerability can enable an attacker to divert the CPU to run untrusted code which he will plant from the outside. This may not be detected by the system’s security software and the usual “Are you sure you want to make changes” type queries or alerts won’t be prompted either. This kind of an exploit is known as remote code execution or RCE.
The reason Google might not have gone into full details is to avoid educating the hackers inadvertently and putting the Chrome users in jeopardy.
Incidentally, the new update from Google Chrome brings with it a new tab organization feature as well.