Google warns users to immediately update Chrome browser after critical bug discovered

Margi Murphy

Google has warned owners of Windows and Mac computers to urgently update their Chrome internet browser after learning that hackers may have exploited a mystery bug that has existed since its launch.

Justin Schuh, Chrome’s security engineer chief warned users to update Chrome “like right this minute” on Twitter, declaring it a “#PSA [Public Service Announcement]”.

The company shared a blog post in which it said an update that should fix the vulnerability, which it described as “high” in severity, had already been issued on March 1. It is up to users to update their browser.

Those who are concerned can check their device is running the updated version of Google Chrome by opening a window and clicking on the three vertical dots in the right-hand corner. 

Clicking “help”, followed by “about Google Chrome” in the drop down menu will lead to a page that will assist with updating.

Google said it was aware of hackers exploiting the flaw  - AFP

The bug was discovered by Clement Lecigne of Google's Threat Analysis Group on February 27, Google said.

Google said that the flaw was a “Use-After-Free”, which is a type of flaw that corrupts how a web app accesses a computer’s memory and can be used to install malicious software on a computer, causing it to crash or behave strangely.

The flaw was located in Google's FileReader, an application that is included in major browsers that lets the internet app access the contents of a PC.

“We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel,” said Abdul Syed, a Google Chrome engineer.

Microsoft’s security chief raised eyebrows last month when he asked Windows PC owners to stop using Internet Explorer unless there was no other option. He claimed this was because it is no longer being updated - and therefore no longer being secured - by the company. Internet Explorer has issued a number of patches for “Use-After-Free” bugs in the past.

Security researchers have for years been picking holes in Google and Microsoft’s apps, often in return for high sums of money as part of a “bug bounty”. Last year Facebook said it had paid one individual $50,000 for finding glitches in the social network’s code.