Google Chrome has two dangerous vulnerabilities "Zero-day" that hackers are already exploiting to attack Windows, macOS and Linux systems, but the new version 86.0.4240.198 solves them and must be installed immediately. CISA, Namely the Cybersecurity & Infrastructure Security Agency which reports to the Homeland Department of the United States. That is the American Department of Homeland Security to which the secret services also respond.
The two vulnerabilities are the CVE-2020-16013, discovered on November 9, and the CVE-2020-16017, discovered on November 7. Both are considered by Google itself as highly dangerous and, as Big G also confirms, there are already some hackers who have discovered them and are exploiting them. Hence the urgency to update Chrome to the latest version available to plug both flaws and get on the safe side. And hence also Google's haste to correct them: the security patchesin fact, it was published on 11 November less than a week after the first vulnerability was discovered.
Chrome vulnerability: what the CISA says
Google released Chrome 86.0.4240.198 on Wednesday, November 11, and just a day later, the US Cybersecurity & Infrastructure Security Agency published a official note with which it "encourages users and administrators" to download and install the secure version of Chrome.
CISA also confirms that the hacker they could use these two vulnerabilities to take control of attacked systems and that there is already someone who has gone to work to do so.
CVE-2020-16013 and CVE-2020-16017, how dangerous they are
As often happens with "zero-day" vulnerabilities, no details have been published on the subject, to avoid offering an assist to hackers. JavaScript engine V8 of Chrome, while the second is a security flaw in memory management related to sandbox, that is, the secure and isolated environment in which Chrome loads websites to avoid data leaks or infections resulting from malware.
How to update Chrome and browse safe
To close both security holes is enough updatenare Chrome to version 86.0.4240.198. Doing so is very simple: just open the browser's main menu (the one at the top right, with the three dots) and then choose Settings> About Chrome.
Doing this will show a summary card where you can also read the current version of Chrome and, if it is lower than the safe one, you can also proceed with the update.
In most cases it is the browser itself, once this window is open, that searches for available updates and downloads them by itself. Once you have downloaded the latest available version you will need it restart Chrome to launch the safe version of the browser.
If the user sees a version lower than 86.0.4240.198, but no updates are available, this is normal: the release of Chrome updates is always gradual and it may take longer some day.
The 007 USA warns: Chrome is not safe, it must be updated immediately
