1:55pm, 7 March 2019
TLP Rating:
Google Chrome web browser vulnerability
Attackers are exploiting a new vulnerability in Google Chrome. In this instance, the attacker can run arbitrary code within the context of the user running Chrome, but outside of the Chrome sandbox.
Google have released a patch to mitigate the vulnerability. CERT NZ recommends you check Chrome is up-to-date, and upgrade it immediately if not.
What to look for
How to tell if you're at risk
Versions of Google Chrome earlier than version 72.0.3626.121 are at risk. Check if you are up-to-date by visiting chrome://settings/help . Visiting this page should automatically update your browser if it’s out-of-date.
Google reports an exploit for this vulnerability exists in the wild.
What to do
Prevention
Check you’re using the most up-to-date version of Google Chrome available. Version 72.0.3626.121 is the most recent version at time of writing this advisory.
Once Chrome is up-to-date, it is no longer vulnerable.
More information
Vulnerability information from Chrome External Link
If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.
For media enquiries, email our media desk at certmedia@cert.govt.nz or call on 021 854 384
How helpful was this page?
This site is protected by reCAPTCHA and the Google Privacy Policy External Link and Terms of Service External Link apply.