Published: November 23, 2020 on our newsletter Security Fraud News & Alerts Newsletter.
Sometimes it’s best to just keep warnings short and sweet. Users of all operating systems on all devices are being strongly encouraged to update their Chrome for Android browsers. This is not only coming from Google, but also the U.S. Department of Homeland Security (DHS) is putting out warnings of its own. Google recently revealed that attackers have been exploiting a zero-day vulnerability in the popular internet browsing tool. DHS has warned of two more that are actively being exploited by hackers who can get control of the device, if they are successful.
A zero-day flaw refers to a recently discovered vulnerability that has not been previously known to vendors or antivirus companies, therefore, there is no patch or update available. Hackers take advantage of the timeframe between the vulnerability being discovered and made publicly known and when a fix becomes available.
The updated Chrome for Android was released in early November. It fixes this issue that may allow attackers to bypass and escape the Chrome security sandbox and execute code on the underlying operating system. Fixes for the most recent two are also being released by Google. The vulnerabilities are listed under CVE-2020-16010, CVE-2020-16013 and CVE-2020-16017.
Affected users should install the latest version of the Chrome browser as soon as possible. If you have automatic updates enabled, Chrome will update, but you still have to restart the browser for it to take effect. Doing quick updates holds true for any security patch that is released. It may take a few minutes initially, but could save you a lot of minutes later if that unpatched vulnerability is exploited and you lose control of your device.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at advisor@nadicent.com