<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=352585001801011&amp;ev=PageView&amp;noscript=1">

  Back to the Learning Center

Kelser Talks Google Chrome Vulnerability on NBC Connecticut Blog Feature
Adam Stahl

By: Adam Stahl on March 12, 2019

Print/Save as PDF

Kelser Talks Google Chrome Vulnerability on NBC Connecticut

Cybersecurity | In the Media | News

When the news emerged that there was a security issue in Google Chrome, Kelser provided NBC Connecticut with some expert perspective.

 

What happened?

Google announced in a blog post that an update was available for Chrome that addressed a high/critical vulnerability (CVE-2019-5786: Use-after-free in FileReader). Reports confirm that this update addresses a zero-day vulnerability that was being exploited in the wild. Google Chrome’s leading security and desktop engineer even tweeted that users should “seriously, update your Chrome installs…like right this minute.”

 

What is a "zero-day" vulnerability?

In short, a “zero-day” vulnerability is one that hasn’t been patched yet by the developer/manufacturer/organization responsible for the hardware/software with the vulnerability. The vulnerability may already be exploited in the wild (though not necessarily).

From our partner Symantec:

The term “zero-day” refers to a newly discovered software vulnerability. Because the developer has just learned of the flaw, it also means an official patch or update to fix the issue hasn’t been released.

So, “zero-day” refers to the fact that the developers have “zero days” to fix the problem that has just been exposed — and perhaps already exploited by hackers.

Once the vulnerability becomes publicly known, the vendor has to work quickly to fix the issue to protect its users.

But the software vendor may fail to release a patch before hackers manage to exploit the security hole. That’s known as a zero-day attack.

 

What does “in the wild” mean?

“In the wild” in this case refers to the fact that a vulnerability is being exploited “in real life” out in the world. As opposed to a vulnerability that has only been exploited in lab tests by security professionals, for example.

TechTarget takes it a step further:

According to noted computer virus expert Paul Ducklin, in order for a virus to be considered in the wild, "it must be spreading as a result of normal day-to-day operations on and between the computers of unsuspecting users."

 

What can I do?

Make sure that your Chrome version is up to date. The updated version is 72.0.3626.121. You can check (and update if needed) Chrome on desktop by opening the drop-down menu (the three vertical dots), then going to “Help”, then “About Google Chrome”.

Stay safe out there!

 

New Call-to-action

About Adam Stahl

Adam is Kelser's Digital Strategist who invites boundless creativity to achieve outcomes that inspire confidence.

Suggested Posts

Case Study

NIST 800-171 vs CMMC:What’s The Difference? How Do They Work Together?

If you are a company that works with the government you are familiar with the rules and regulations that surround information labelled as sensitive,...

Read More »

Case Study

Top 3 Cybersecurity Threats For Small Businesses (& How To Stay Safe)

Cyberattacks continue to be a growing threat for small businesses. According to estimates from Statista's Cybersecurity Outlook, the global cost of...

Read More »

Case Study

What Is A NIST 800-171 POAM (Plan Of Action & Milestones)?

Although NIST 800-171 has been around for several years, many business leaders still aren’t certain whether they are doing the right things to be...

Read More »

Visit Our Learning Center