A significant vulnerability has been identified in Chrome, and unfortunately, it is already being exploited by attackers. Many users may still be unprotected, as the fix was only released last week on May 28th and officially announced this past Monday. You might be unknowingly vulnerable at this moment, just like I was.
For those who have received the update, a small notification should appear in the upper right corner of your Chrome window. Clicking this notification applies the patch and restarts your browser. If you haven’t noticed an update or if you’re unsure whether your browser is current, it’s essential to check your version number.
To verify your Chrome version, click on the three-dot settings icon located at the far right of your menu bar. From there, select Help and then About Google Chrome. Alternatively, you can type chrome://settings/help directly into your address bar.
If you find that your browser is outdated, Chrome will automatically begin downloading the newest version. On my work PC, for example, Chrome was still on version 137.0.7151.56 as of June 4th, two days after Google’s announcement. I had to manually trigger the update using the steps mentioned above.
This vulnerability allows attackers to access and execute code beyond established permissions. The flaw was reported by Clément Lecigne and Benoît Sevens, both of whom have identified issues in Chrome previously. As is typical with critical problems of this nature, further details regarding this specific flaw are being withheld to give users the necessary time to implement the fix.
Hopefully, you now know how to ensure your browser is secure.