Google released a minor appearance update of Chrome late Friday. Numbered 72.0.3626.121 (phew), this version was not as innocent as one might think. The search giant has fixed a “zero-day” security flaw, which was not known when Google discovered it two days earlier.
Full details have not yet been published to prevent exploitation, but it is known that this loophole has been used by malicious actors. It concerns the FileReader API that allows a website to access local files stored on the computer or mobile device being used. The security hole could even allow code to be executed, but we don’t know if that was the case. Anyway, for security, check now that your copy of Chrome is up to date.
For Chrome macOS, Windows, and Linux, automatic updates normally keep you up to date with the latest version, but a restart of the browser is required. To verify that you have the correct version, display the “About Google Chrome”1window; if you’re reading this article from Google’s browser, you can open this link to access it directly. If you are not up to date, the new version will be downloaded right away.
Google has also released an update of Chrome OS for Chromebook, with the same procedure. For Android devices, the update must be installed via the Google Play app. The new version was also released on Friday, you can check that you have the right one by going through the settings, then “About Chrome”.
If you’re using the Chrome app on an iPhone or iPad, there’s nothing to worry about. The App Store’s policy prevents Google from using its own rendering engine, it is WebKit, the Safari engine, which is used. Therefore, the security hole in question does not concern the app.