What you need to know
- Google has patched a mysterious zero-day in Chrome.
- The firm is aware an exploit exists in the wild and has yet to detail the vulnerability while the patch rolls out to users.
- The patch is currently available for Windows, Mac, and Linux.
Google this week released a patch to the latest version of Chrome, v80, aimed at squashing three vulnerabilities, including one mystery 0-day vulnerability that wasn't detailed.
Latest Chrome update patches CVE-2020-6418, 0day found in the wild by @_clem1 : https://t.co/H2j5PXO8gV pic.twitter.com/K2GoOJCPgfLatest Chrome update patches CVE-2020-6418, 0day found in the wild by @_clem1 : https://t.co/H2j5PXO8gV pic.twitter.com/K2GoOJCPgf— Antti Tikkanen (@anttitikkanen) February 24, 2020February 24, 2020
Google didn't share any more information about the attack, and it's likely holding up until the patch has rolled out widely. Chrome OS v 80, which would presumably deliver the patch to Chromebooks, isn't available yet at the time of writing for example.
Ok, good, those are words. Why is that bad? Well, as explained by the security researchers over at Sophos:
TL:DR: If this vulnerability is actively exploited, malware can dress up as three kids in a trench coat and fool security checks meant to keep said malware out. Google has already fixed the vulnerability in Chrome for most people, so feel free to update your browser for maximum protection.
Chrome: Everything you need to know!
Get the best of Android Central in in your inbox, every day!
Thank you for signing up to Android Central. You will receive a verification email shortly.
There was a problem. Please refresh the page and try again.