“The update is rolling out to all platforms including Mac, Windows, Linux and Android”
Google has just revealed that its latest security update for Chrome was intended to fix a zero-day vulnerability. The company’s statement comes after the Search giant released Chrome version 72.0.3626.121 update last week for Mac, Windows, and Linux. However, it was only yesterday that the company revealed the “High” severity nature of the vulnerability being used as a security exploit by malicious parties. Google’s security team is now urging Chrome users on all platforms to update to the latest version as soon as the security fix shows up on their devices.
Google’s internal Threat Analysis Group found the security threat yesterday internally called High CVE-2019-5786. It takes advantage of the FileReader API that allows websites to read local files, and, in worst cases, could even be exploited to execute malicious code. For those who are unaware, zero-day is a security threat that the original software maker was unable to see during its testing before the release of the software. The threat gets detected later when it is publicised and has to be fixed later on. The update is rolling out to all platforms right now including Android while Chrome OS users should have already received the OTA. Mac, Windows, and Linux users can also manually update their browsers by heading to chrome://settings/help in case the OTA has not been received. Chrome OS users can also follow similar steps in case they don’t receive an update notification.
In a related story, Google is experimenting with the dark mode for Chrome albeit in the experimental Canary channel. With Android Q set to get a system-wide dark mode, we could see the browser also getting the feature in the near future.