Google released an incremental update for Chrome on Mac, Windows, and Linux with a fix for the zero-day exploit. The company’s security team advises users to update Chrome on all platforms immediately, as there is evidence of a malicious party actively using the attack.
This particular attack involves the FileReader API, which allows websites to read local files, while the “use-after-free” class of vulnerabilities, at worst, allows for execution of malicious code.
Google’s internal Threat Analysis Group first caught wind of the exploit on Wednesday, February 27th, and it was apparently being used by nefarious actors when the Chrome update was released.
Google also alerted users that the bug was being used in concert with a second exploit attacking the Windows operating system. According to its blog post, it may only impact people running Windows 7 32-bit systems, and those people are encouraged to upgrade to a newer version of the OS, or install patches when/if Microsoft makes them available (seriously, it’s time to move on).
Users are being advised to update Chrome across all platforms. A new version of Chrome for Android was released shortly after the desktop version on Friday, while Chrome OS was patched on Tuesday.