Chrome users under threat from actively exploited security flaw — update your browser right now

and image of the Google Chrome logo on a laptop
(Image credit: Shutterstock)

If you’ve been putting off updating Chrome, now is the time to do so as Google has released new security updates for its browser which patch an actively exploited zero-day flaw.

As reported by BleepingComputer, the search giant has actually fixed two zero-day vulnerabilities along with another high-severity flaw. According to a security advisory released by Google, the company is aware that an exploit exists for one of these zero-days (tracked as CVE-2024-0519) and that hackers are currently using it in their attacks.

This high-severity zero-day is an out-of-bounds memory access weakness that was discovered in Chrome’s V8 JavaScript engine by security researcher Toan (suto) Pham of Qrious Secure. By exploiting this vulnerability, an attacker can gain access to sensitive information or even trigger a crash.

At the same time, this zero-day could also be exploited to bypass other protection mechanisms in Chrome to make code execution easier by chaining it together with other flaws. 

Unfortunately though, we don’t know much about how it’s actively being used in the wild by hackers right now. The reason for this is that, like it often does, Google is withholding additional details until a majority of Chrome users download and install the fix for the issue. 

How to stay safe from browser-based attacks

How to update Google Chrome

(Image credit: via Unsplash)

As we now do most of our work from a web browser, browser-based attacks have become more prevalent in recent years. Fortunately though, you can protect yourself from them by keeping your browser up to date.

Chrome displays a color-coded warning system in a bubble next to your profile picture once an update becomes available. The bubble is green for a 2-day old update, orange for a 4-day old update and red when an update was released at least a week ago.

If you don’t want to wait though, you can also manually check to see if an update for Chrome is available. To do this, click on the three-dot menu in the upper right hand corner of your browser, open Settings and then go to About Chrome. If an update is ready to be installed, Chrome will automatically begin downloading it from this page and it will be applied the next time you restart your browser or your computer.

Besides keeping your browser up to date, you should also be using the best antivirus software on your PC, the best Mac antivirus software on your Mac and one of the best Android antivirus apps on your Android smartphone. This way, you can ensure you’re protected from malware and all of the other latest cyber threats.

Zero-day flaws aren’t something you want to take for granted as they are often used in serious attacks. However, if you install the latest security updates when they become available, you should be safe from any potential attacks leveraging them.

More from Tom's Guide

Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.