The Google Chrome app on Android.

Google has patched a rather serious zero-day exploit in the desktop and Android versions of the Chrome browser.

According to Google’s own Chrome Releases blog (via Android Police), the search giant patched a serious “use-after-free” flaw related to the FileReader API. This API allows websites and other web-based services to read files stored on a user’s computer. But the flaw lets hackers break out and execute potentially malicious code on a device.

What made Google’s fix even more pressing was the apparent admission that the flaw was being used in attacks, as opposed to a vulnerability that was only found in a closed, security environment. In fact, Chrome security lead Justin Schuh tweeted (h/t: ZDNet) that users should update their browser installs right now.

In any event, you should update your Android and desktop versions of the Chrome browser to version 72.0.3626.121 via the buttons below.

Comments
Read comments