Chrome Web Browser Security Vulnerabilities
On June 1, Google discovered that a “zero-day security vulnerability” in its Chrome web browser is being actively exploited. A zero-day vulnerability is an undiscovered flaw in an application or operating system. It’s a gap in security for which there is no defense or patch because the software maker did not know it existed — so they've had “zero days” to prepare an effective response.
On June 5, Google released an emergency security update patch in response to this vulnerability. Google said the update will roll out in the coming days/weeks, so it is a gradual distribution that won't reach everyone simultaneously. This means you should be proactive and manually check if your browser has been updated. If the update is available to you already, then the act of checking on your Chrome version number will kick start the download and installation of the security update. To try to start the Chrome update procedure manually, go to the Chrome settings menu (upper right corner) and select Help → About Google Chrome. Note that to activate the update, you must restart your browser.
This is the third zero-day vulnerability Chrome has had to fix in 2023. In 2022, the company patched nine zero-day vulnerabilities. In May, it was also discovered that Chrome users were experiencing fake update error messages. Users receive a message reading, “UPDATE EXCEPTION. An error occurred in Chrome automatic update...” A link is provided at the bottom of the bogus error message that, if clicked on, will download malware onto your computer.
Because of the continued security breaches, you may want to consider uninstalling Chrome from your personal and business computers and using a different browser instead. Some other browser options include Mozilla Firefox, Microsoft Edge, and Brave. Your IT personnel can recommend a browser that is suitable for your needs.
If you go this route, be sure Chrome is removed from all computers at your office and that employees do not
re-download Chrome. Talk to your IT personnel to transfer bookmarks/favorites from Chrome to the new browser if needed, and also have them modify computer settings so that Chrome cannot be downloaded on the computers again.