Google Chrome web browser vulnerability

Our advisories highlight current cyber security threats and vulnerabilities in New Zealand, and provide guidance on how to mitigate their impact.

Subscribe to our updates to be notified as soon as we publish an advisory.

1:55pm, 7 March 2019

TLP Rating: Clear

Google Chrome web browser vulnerability

Attackers are exploiting a new vulnerability in Google Chrome. In this instance, the attacker can run arbitrary code within the context of the user running Chrome, but outside of the Chrome sandbox.

Google have released a patch to mitigate the vulnerability. CERT NZ recommends you check Chrome is up-to-date, and upgrade it immediately if not. 

What to look for

How to tell if you're at risk

Versions of Google Chrome earlier than version 72.0.3626.121 are at risk. Check if you are up-to-date by visiting chrome://settings/help . Visiting this page should automatically update your browser if it’s out-of-date.

Google reports an exploit for this vulnerability exists in the wild.

What to do

Prevention

Check you’re using the most up-to-date version of Google Chrome available. Version 72.0.3626.121 is the most recent version at time of writing this advisory.

Once Chrome is up-to-date, it is no longer vulnerable. 

More information

Vulnerability information from Chrome External Link

Critical Control: Patching 

If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.

Report an incident to CERT NZ

For media enquiries, email our media desk at certmedia@cert.govt.nz or call on 021 854 384