Google Chrome has a security vulnerability that is already being taken advantage of – but, luckily, there's a fix.
Today is the day to update your Google Chrome browser to plug a vulnerability that Google is warning users about. The problem lies in a heap buffer overflow in WebRTC.
This means that an attacker can cause an area of memory to be written to so that it overflows, leaving it wide open and vulnerable to being exploited. Google has acknowledged that vulnerability CVE-2023-7024 (as it catchily called) is already being exploited against Chrome users, reports Tech Radar.
Heap and stack overflows are some of the most common places to attack and it's certainly not the first time that this issue has plagued Google Chrome users. This means, however, that there is an easy fix: updating your browser.
How to manually update your Google Chrome browser
All you need to do is open Chrome’s Settings page via the three-dot menu on the top-right-hand side of your browser. Browse through the left panel and find the ‘About Chrome’ at the bottom of the list. Click that to check for updates.
A message will pop up if there's an update that can be applied. On a Windows PC, you need to be on Chrome version 120.0.6099.130 to protect against the issue described above, or alternatively 120.0.6099.129 if you're running Mac or Linux.
Even if you have automatic updates turned on, your browser might still be out of date, so it's well worth checking to be sure – and quickly. You don't want to leave your device vulnerable to a safety gap that Google has confirmed people already know about and are taking advantage of.
Once Chrome has updated itself, you’ll also need to close the browser and restart it, with no windows or tabs open, in order for it to apply the upgrade and therefore plug that vulnerability gap.