News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Google reveals Chrome zero-day under active attacks

    Home Forums Code Red – Security/Privacy advisories Google reveals Chrome zero-day under active attacks

    Viewing 4 reply threads
    • Author
      Posts
      • #338390 Reply
        b
        AskWoody Plus

        Google Chrome users are advised to use the browser’s built-in update tool to trigger an update to 72.0.3626.121 version [released last Friday, March 1, 2019]. Users should do this right now, especially when the advice comes from Google Chrome’s security lead.
        Google reveals Chrome zero-day under active attacks

        5 users thanked author for this post.
      • #338581 Reply
        lylejk
        AskWoody Plus

        Don’t use Chrome in particular but do use a browser that uses the Chromium engine.  And to think Microsoft soon wants Edge to use the Chromium engine too.  What a joke.   As for me, I’ll continue use double sandboxed protection.   It’s been protecting my systems for over a decade and without a hitch.   🙂

      • #338621 Reply
        anonymous
        Guest

        Yeah I do not doubt C & C++ could be part of the problem, but people still type those code lines. 😉

      • #338726 Reply
        Kirsty
        Da Boss

        Put down the cat, coffee, beer pint, martini, whatever you’re holding, and make sure you’ve updated Chrome (unless you enjoy being hacked)
        Plus: Sandbox escape vuln in 32-bit Windows 7 boxes exploited

        By Shaun Nichols | 7 Mar 2019

         
        Updated If Google Chrome is bugging you to update it right now, please stop what you’re doing, and get that upgrade.

        Updated to add

        In a blog post today, Google has revealed a few more details, here. It also warns that it has discovered “a local privilege escalation in the Windows win32k.sys kernel driver that can be used as a security sandbox escape,” that primarily affects Windows 7. Security defenses in modern Windows editions block exploitation attempts.

        Google has spotted active attacks leveraging this privilege escalation flaw against 32-bit Windows 7 systems. Microsoft is still working on a patch for this bug, so stay tuned for an update soon. Or upgrade to Windows 10, ChromeOS, Linux… take your pick.

         
        Read the full article here

        1 user thanked author for this post.
        • #338732 Reply
          OscarCP
          AskWoody Plus

          Both in my PC and my Mac, Chrome is set to update automatically every time I use it, which is not every day, but occasionally, when visiting certain Web sites that “prefer” being contacted with it rather than with other browsers.

          Today, after I got an email about this problem (as I’m subscribed to the Forum where this thread is located) I started Chrome and checked the version it was running: it was already updated and running the new and safer version.

          Windows 7 Professional, SP1, x64 Group W (ex B) & macOS + Linux (Mint)

      • #338756 Reply
        Kirsty
        Da Boss

        Google Chrome users are advised to use the browser’s built-in update tool to trigger an update to 72.0.3626.121 version [released last Friday, March 1, 2019].


        Stable Channel Update for Chrome OS

        Tuesday, March 5, 2019
        The Stable channel has been updated to 72.0.3626.122 (Platform version: 11316.165.0) for most Chrome OS devices. This build contains a number of bug fixes, security updates and feature enhancements. A list of changes can be found here, including a fix for CVE-2019-5786.

        1 user thanked author for this post.
    Viewing 4 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Google reveals Chrome zero-day under active attacks

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.