Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

Chrome zero-day is under active attack: patch your browser now

Chrome users: before you read any further, do us a favour and check your current version (menu > help > about Google Chrome.) If it says the version number is 72.0.3626.121, then breathe a sigh of relief. If it isn’t, then run through the prompted updated and come back.

The reason for the urgency? Google has revealed that the cause of last week’s CVE-2019-5786 update was the uncovering of a zero-day exploit which is actively under attack. Or as Google security research Justin Schuh put it:

It’s not quite clear what the full nature of the exploit is: Google sensibly declines to reveal details until the risk is widely mitigated via the security patch, to prevent copycats making the problem worse. As the official release page says: “Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”

What we do know from the official release notes is that it seems to be something to do with Chrome’s FileReader, which is an API designed to let web apps read local contents of a user’s computer. It’s reportedly a use-after-free vulnerability, a memory error that occurs when an app tries to access memory already freed by the browser. This mishandling can sometimes lead to malicious code being executed, and that suggests that bad actors may be trying to plant malware via malicious websites.

Related: Best web browser

More details may emerge with time, but as long as you’re patched to the latest version of Chrome you should be safe. Well, safe until the next zero day is found in this never-ending game of cat and mouse, anyway.

Do you use Chrome, or do you prefer another browser? Let us know on Twitter: @TrustedReviews.

Why trust our journalism?

Founded in 2003, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have millions of users a month from around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.

Trusted Reviews Logo

Sign up to our newsletter

Get the best of Trusted Reviews delivered right to your inbox.

This is a test error message with some extra words