Google has released an emergency patch for Google Chrome and is urging users to install it as soon as possible. The company is keeping its mouth shut about the details of the vulnerability, which is tracked as “CVE-2020-6457” and described as a “use after free” flaw.
The flaw was discovered by security researchers at Sophos and is said to be a remote code execution (RCE) vulnerability, which allows attackers to run commands and untrusted scripts without the knowledge of the victim. In a blog post, security researcher Paul Ducklin said that the vulnerability will allow hackers “to change the flow of control inside your program, including diverting the CPU to run untrusted code that the attacker just poked into memory from outside, thereby sidestepping any of the browser’s usual security checks or ‘are you sure’ dialog.” He also noted that since the vulnerability could affect up to two billion users across Windows, Mac, and Linux, Google will wait for a while before revealing more details, giving users time to download and install the new patch.
If you’re a Google Chrome user, you should make sure that you’re running v81.0.4044.113 or above. You can check for updates and see the installed version of Google Chrome by going to Help > About Google Chrome. While there, you should consider enabling automatic updates so that new updates are downloaded and installed without any action on your part.
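
For anyone checking more than one machine, here is an added example (not from the original article) that sorts hosts by whether their Chrome version meets the v81.0.4044.113 minimum. It assumes each host reports text like the output of `google-chrome --version`; the host names and sample lines are constructed. Versions are compared numerically, because a plain string comparison would wrongly rank 81.0.4044.92 above 81.0.4044.113.

```python
import re

# Minimum fixed version named in the article.
PATCHED = (81, 0, 4044, 113)

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract a four-part Chrome version from text such as the output of
    `google-chrome --version`; return a tuple of ints, or None if absent."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_patched(text, minimum=PATCHED):
    """True if patched, False if not, None when no version could be parsed."""
    version = parse_version(text)
    if version is None:
        return None
    return version >= minimum  # tuple comparison is numeric, field by field


def triage(inventory):
    """Split {host: reported text} into patched, vulnerable and unknown hosts."""
    result = {"patched": [], "vulnerable": [], "unknown": []}
    for host, text in sorted(inventory.items()):
        status = is_patched(text)
        key = "unknown" if status is None else ("patched" if status else "vulnerable")
        result[key].append(host)
    return result


# Constructed sample inventory (hypothetical host names).
SAMPLE = {
    "ws-01": "Google Chrome 81.0.4044.113",
    "ws-02": "Google Chrome 81.0.4044.92",  # sorts above .113 as a string
    "ws-03": "Google Chrome 80.0.3987.163",
    "ws-04": "Google Chrome 83.0.4103.61",
    "ws-05": "chrome: command not found",   # no version reported
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts that land in the unknown bucket need a manual check rather than being assumed safe.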