Google Finds Zero-Day Vulnerability in Chrome, Urges Immediate Updates
No piece of software is perfect, and sometimes vulnerabilities can go undiscovered for a long time. For instance, a WinRAR flaw was out in the open for almost two decades. Google’s latest Chrome bug isn’t that old, but it’s much more dangerous. Google has issued a patch for the vulnerability, but this is a “zero-day” flaw, meaning there are already online troublemakers using the vulnerability to attack Chrome. If you haven’t let Chrome update recently, take the time to do it now.
Google says this vulnerability is so severe that it’s withholding details until most Chrome installs have been patched to the latest version, which is v72.0.3626.121 in the stable channel. There should be corresponding updates in the beta and dev channels as well. Google’s blog post on the vulnerability calls it “CVE-2019-5786: Use-after-free in FileReader.”
All we know right now is that the attack involves the Chrome FileReader API. That’s the component that allows the browser to access local files on a machine. The “Use-after-free” bit refers to a class of memory-corruption vulnerabilities, in which a program keeps using a piece of memory after it has been released, that could allow an attacker to execute malicious code on a machine. Since this was a zero-day, Google didn’t know anything about it. Thus, all Chrome installations were vulnerable.
Also, seriously, update your Chrome installs… like right this minute. #PSA
— Justin Schuh 🗑 (@justinschuh) March 6, 2019
We also do not know the scale of the attacks on Chrome, but Google was concerned enough to withhold most of the details. Browsers contain so much of our digital lives now that any vulnerability is potentially disastrous. Luckily, it’s very rare that nefarious online individuals will spot a serious vulnerability before Google or outside security researchers. We should know more about the flaw once most Chrome users are running a patched build.
It was Google’s own Threat Analysis Group that spotted the flaw in Chrome on Feb. 27. The patch started rolling out shortly thereafter. Chrome gets frequent updates, and depending on your usage pattern, it may already be installed. The browser automatically updates when you restart it. However, some people leave Chrome instances running for weeks at a time without giving it a chance to update. Now is the time to give Chrome a breather if you haven’t.
You can find out what version of Chrome you’re running by going to Settings > Menu > About Chrome. If it’s not updated, you can initiate a manual download.
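For anyone checking more than one machine, the same version test can be scripted. The following is an added example, not code from Google or from this article: it compares reported version strings against the fixed stable build named above, using numeric comparison because plain string comparison ranks 72.0.3626.96 above 72.0.3626.121. The host names and inventory strings are constructed, and the "beta"/"dev" suffix in the version output is an assumption about how those channels report themselves.

```python
import re

# Fixed stable-channel build named in the article for CVE-2019-5786.
PATCHED_STABLE = (72, 0, 3626, 121)

# Chrome versions have four dot-separated numeric fields.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")
# Assumption: non-stable channels append their name to the version string.
_OTHER_CHANNEL_RE = re.compile(r"\b(beta|dev|canary|unstable)\b", re.IGNORECASE)


def parse_version(text):
    """Extract a 4-part version from text such as
    'Google Chrome 72.0.3626.119'; return None if none is present."""
    m = _VERSION_RE.search(text)
    return tuple(int(part) for part in m.groups()) if m else None


def is_patched(text):
    """True or False for stable builds; None when the string cannot be
    judged (no version found, or a channel whose fixed build the
    article does not give)."""
    version = parse_version(text)
    if version is None or _OTHER_CHANNEL_RE.search(text):
        return None
    return version >= PATCHED_STABLE  # tuple compare is numeric per field


def audit(inventory):
    """Map each host to 'patched', 'VULNERABLE' or 'unknown'."""
    labels = {True: "patched", False: "VULNERABLE", None: "unknown"}
    return {host: labels[is_patched(ver)] for host, ver in inventory.items()}


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = {
    "ws-01": "Google Chrome 72.0.3626.121",
    "ws-02": "Google Chrome 72.0.3626.96",   # sorts as "newer" if compared as text
    "ws-03": "Google Chrome 71.0.3578.98",
    "ws-04": "Google Chrome 73.0.3683.27 beta",
    "ws-05": "not installed",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as unknown need a manual look rather than being counted as safe.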