Latest news with #ChromeUpdate


Forbes
2 days ago
- Forbes
Google Chrome Warning — Windows, Android, Mac And Linux Users Act Now
Update Chrome now. Google users are accustomed to being urged to update now, which is hardly surprising, as its products and services are a magnet for cybercriminals due to the extensive user footprint they enjoy. Google has advised users to replace all Gmail passwords and update to a passkey instead, following numerous account takeover attacks, Google Messages is getting a critical security update, and then there's Chrome, of course. Hot on the heels of a June 10 urgent Google Chrome browser security update, just a week later, the technology behemoth has confirmed yet another security scare that requires users of the world's most popular web browser across all platforms with the exception of iOS to update now. Google has now confirmed two new security vulnerabilities that impact users of Chrome across the Android, Linux, Mac and Windows platforms. The vulnerabilities, both given a high-severity rating and earning four-figure bounty rewards for the researchers who discovered and disclosed them, could enable a successful attacker to execute arbitrary code on your device with all the consequences that can bring. It is for this reason that it's vital you don't wait for the update to reach your browser in the 'coming days and weeks,' as Google noted in its June 17 confirmation, but rather kickstart that process now and ensure the security patches have been activated and are protecting your system. The two vulnerabilities are:

- CVE-2025-6191: An integer overflow security vulnerability in Chrome's V8 JavaScript rendering engine.
- CVE-2025-6192: A use-after-free security vulnerability in Chrome's Profiler function.

The Google Chrome update process actually happens automatically, but, as Google has noted, it can take some days to reach your browser. When it does, you will see a notification of the update to version 137.0.7151.119/.120. This alone does not mean that you are protected; you need to activate the update in order for it to do that.
Err on the side of caution and kickstart the updating process so you can be sure your browser and the data it can access are appropriately protected immediately. Kickstart your Google Chrome update now. Head for the Help menu and select About Google Chrome. This will check for and download the update, and then all you have to do is activate it for instant security from these vulnerabilities. Don't worry, your tabs will reopen as well, so you won't lose them. So, what are you waiting for? Android users simply need to update the Chrome app. Relaunch Google Chrome to activate security updates.


Forbes
3 days ago
- Forbes
Google Chrome Warning—Do Not Ignore 7 Day Update Deadline
New Chrome warning for 2 billion users. New warnings have been issued for Chrome's 3 billion users, emphasizing the need to keep browsers updated at all times. Google has just issued a new update, which fixes two high-severity vulnerabilities and should be installed right away. More critically, an ongoing update mandate deadline is now just 7 days away. America's cyber defense agency warns Chrome 'contains an out-of-bounds read and write vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page.' CISA says update before June 26 or stop using Chrome. The formal mandate applies just to federal employees, but CISA operates 'for the benefit of the cybersecurity community and network defenders — and to help every organization better manage vulnerabilities and keep pace with threat activity.' That means all organizations should take note of this deadline and adhere if possible. That should be evident anyway, but a new warning has just detailed exploitation of a Google Chrome zero-day disclosed earlier this year. Kaspersky discovered 'a wave of infections by previously unknown and highly sophisticated malware. In all cases, infection occurred immediately after the victim clicked on a link in a phishing email, and the attackers' website was opened using the Google Chrome web browser.' Now, Positive Technologies says its Threat Intelligence Department 'analyzed an attack that exploited [this] zero-day vulnerability (sandbox escape)' dating back to 2024. As I warned when CVE-2025-2783 was first disclosed, Google quickly released an emergency update and then CISA issued a 21-day update mandate. The current CISA update mandate is for CVE-2025-5419, which is also an 'out-of-bounds read and write in V8,' a similar memory issue to the integer overflow and use-after-free vulnerabilities patched this week, albeit those do not have known exploits as yet.
We're two weeks into CISA's mandate, and so this is the period of maximum risk. Ensure your browsers are updated — which means restarting when it downloads. While home users should adhere to CISA warnings, it's more critical for enterprises likely to come under attack from sophisticated phishing campaigns exploiting these vulnerabilities. Remember, once the flaw is made public, it's a race against time for attackers to use it or lose it when browsers are patched. Do that right away.


Forbes
06-06-2025
- Forbes
New Chrome, Edge Deadline—Update And Restart All Browsers Now
Don't leave it too late. Google made headlines this week, releasing an emergency Chrome update and confirming it had quietly stopped attacks by pushing out changes to all browsers. This is not just a Chrome issue. Microsoft has also updated Edge to mitigate the same threat. With Chrome so dominant on Windows desktops, it's easy to overlook that Edge runs on the same Chromium platform and is often affected by the same vulnerabilities. That's certainly the case here, and it means all users need to take note. CISA has now mandated federal staff update or stop using all Chromium browsers by June 26. 'This vulnerability could affect multiple web browsers that utilize Chromium,' it says, 'including, but not limited to, Chrome, Microsoft Edge, and Opera.' This is only mandatory for federal staff, but all users should do the same. Microsoft warns Edge users that its latest update 'contains a fix for CVE-2025-5419 which has been reported by the Chromium team as having an exploit in the wild.' This echoes Google's initial warning from June 2, which came with its own emergency update. For its part, America's cyber defense agency warns that 'Chromium V8 contains an out-of-bounds read and write vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page.' While browser vulnerabilities affect mobile platforms and Macs, the primary risk is with Windows PCs. Chrome dominates with a 65% market share to Edge's 14%, albeit that is slowly growing. Other browsers remain also-rans outside Apple's ecosystem and Safari. Given Google's and CISA's warnings, updating immediately is critical. As Qualys points out, 'currently, no publicly available information exists regarding exploiting this Google Chrome vulnerability by any specific threat actors. The absence of reports does not necessarily mean the vulnerability is not being exploited.'
As ever with such threats, the maximum risk is the period between public disclosure and the majority of users applying updates. Attackers know they're on the clock. That's why Google and others do not issue any further detail at this early stage.


Forbes
03-06-2025
- Business
- Forbes
Google Issues Emergency Update For All 3 Billion Chrome Users
Update all browsers now. Google has suddenly released an emergency Chrome update, warning that a vulnerability discovered by its Threat Analysis Group has been used in attacks. Such is the severity of the risk that Google also confirmed that, ahead of this update, the issue 'was mitigated on 2025-05-28 by a configuration change' pushed out to all platforms. Google says it 'is aware that an exploit for CVE-2025-5419 exists in the wild,' and that full access to details on the vulnerability will 'be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.' CVE-2025-5419 is an out of bounds read and write in V8, the type of dangerous memory flaw typically found and fixed on the world's most popular browser. While it's only marked as high-severity, the fact attacks are underway means applying the fix is critical. There is already a U.S. government mandate for federal staff to update Chrome by Thursday or stop using the browser, after a separate attack warning. And there has been another high-severity fix since then, with two separate fixes. It is inevitable that this latest warning and update will also prompt CISA to issue a 21-day update mandate. There is a second fix included in this emergency update — CVE-2025-5068 is another memory issue, a 'use after free in Blink,' that was disclosed by an external researcher. NIST warns that CVE-2025-5419 'allows a remote attacker to potentially exploit heap corruption via a crafted HTML page,' and that it applies across Chromium, suggesting other browsers will also issue emergency patches. As usual, you should see a flag on your browser showing that the update has downloaded. You need to restart Chrome to ensure it takes full effect. All your normal tabs will then reopen — unless you elect not to do that.
But your Incognito tabs will not reopen, so make sure you save any work or copy down any URLs you want to revisit.


Forbes
29-05-2025
- General
- Forbes
Android Users Need To Update Chrome Now — 8 Security Reasons Why
Update Chrome for Android now. Smartphone users have had a rough old time of it lately as far as security issues are concerned, what with everything from specific PIN codes being flagged as insecure, an FBI warning of a new and highly dangerous attack threat, and Google advising about mobile threats targeting Android users. Of course, it's not all been bad news. I've reported how a secret code can stop Android smartphone attacks, and Google's recent Android updates have added smartphone security features anew. Now there's another Android update that Google has just dropped, and this one needs to be implemented as soon as possible. Don't wait, act today. Here are the eight security reasons why. Hardly a week goes by without a Chrome security update being released by Google, and that's a very good thing indeed, as it means your security is being protected. By discovering such vulnerabilities and releasing patches to fix them, Google enables you to shore up your smartphone before attackers can exploit them. Assuming, that is, you apply those updates as soon as they are released. And there, dear reader, lies the rub: many users wait until an automatic update arrives, even though, as Google readily admits, this can take days or weeks. Days or weeks that leave an opportunity for hackers to attack. That's why it's imperative to kickstart any update as soon as it has been confirmed, using the usual methods for the desktop, or by downloading the latest app for Android. And it is the latter that needs your attention now, today. Google has confirmed in a May 28 posting that Chrome for Android 37.0.7151.61 will become available on Google Play in the coming days. Go and check now, and update if it's there. This release includes fixes for eight listed Common Vulnerabilities and Exposures, that's eight security issues that could impact your safety if not addressed.
The CVEs are as follows: High Medium Low So, you know what to do: check that your Chrome for Android app is up to date and check it now.