
If you use Google Chrome on your Mac, update it right now

Chrome's update dialog box when a patch is ready to install

Google has confirmed that a recent Chrome update patched a zero-day flaw in the popular browser that was actively exploited in attacks, and has recommended that all Chrome users on Mac, Windows, and Linux update their installations as soon as possible.

The patch for Chrome shipped on March 1 and fixes a security flaw identified as CVE-2019-5786. The update, which fixed only this issue without making other changes to the browser, brought Chrome on all three operating systems up to version 72.0.3626.121.

While the security flaw affected all desktop versions of Chrome, it was especially a problem for Windows users. Windows 7 had its own zero-day flaw identified at the same time as the Chrome one, and the browser's flaw was actively used as part of a more complex attack against the older Microsoft operating system, reports CNET.

Google updated its announcement for the patch to advise that an exploit against Chrome "exists in the wild." Justin Schuh, head of Google's Chrome Security, posted to Twitter about the exploit's existence and advised users to update their browser with the new patch.

The issue lies in a memory management error in Chrome's FileReader API, which allows web apps to read local files on a desktop. Specifically, it is a "use-after-free" vulnerability, a memory error that occurs when a web app attempts to access memory that has already been freed or deleted from Chrome's allocated memory, with the flaw enabling malicious code to be executed.

Clement Lecigne of Google's Threat Analysis Group is credited as the researcher who found the bug.

Google Chrome for iOS is not affected by the security flaw.
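
To check a desktop install against the patched build named above, the following is an added example, not part of the original article or any Google tooling. The function names, the default macOS install path, and the sample version lines are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: compare `--version` output with the patched build.
PATCHED="72.0.3626.121"   # fixed build for CVE-2019-5786 named in the article

# Extract the four-part dotted version from a line such as
# "Google Chrome 72.0.3626.119"; prints nothing if none is found.
extract_version() {
  printf '%s\n' "$1" | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# Succeed if version $1 >= version $2. Fields are compared numerically,
# because a string compare would rank 72.0.3626.99 above 72.0.3626.121.
version_ge() {
  (
    IFS=.; set -f
    set -- $1 $2            # fields 1-4: candidate, 5-8: baseline
    i=0
    while [ "$i" -lt 4 ]; do
      [ "$1" -gt "$5" ] && exit 0
      [ "$1" -lt "$5" ] && exit 1
      shift; i=$((i + 1))
    done
    exit 0
  )
}

# Print PATCHED, VULNERABLE or UNKNOWN for one line of version output.
# Assumption: any build at or above $PATCHED contains the fix.
chrome_status() {
  v=$(extract_version "$1")
  if [ -z "$v" ]; then
    echo "UNKNOWN"
  elif version_ge "$v" "$PATCHED"; then
    echo "PATCHED $v"
  else
    echo "VULNERABLE $v"
  fi
}

# Constructed sample lines, not captured from real machines.
for sample in "Google Chrome 72.0.3626.119" "Google Chrome 72.0.3626.121"; do
  chrome_status "$sample"
done

# Check the local install if present (default macOS path is an assumption).
BIN="${1:-/Applications/Google Chrome.app/Contents/MacOS/Google Chrome}"
if [ -x "$BIN" ]; then
  chrome_status "$("$BIN" --version 2>/dev/null)"
fi
```

Pass a different binary path as the first argument to check Chrome on Linux or a non-default install location.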



45 Comments


AppleExposed 6 Years · 1805 comments

mercel said:
Seriously, who’s dumb enough to use Google spyware on their Mac?  😂 

I was thinking the same thing.

payeco 17 Years · 581 comments

mercel said:
Seriously, who’s dumb enough to use Google spyware on their Mac?  😂 

And if you need Chrome installed just use Chromium. It’s the open source base Chrome is built on. It’s missing all of Google’s tracking junk.

qwerty52 7 Years · 367 comments

Google is a legal spyware. I never use a product coming from this company.

MplsP 8 Years · 4047 comments

mercel said:
Seriously, who’s dumb enough to use Google spyware on their Mac?  😂 

I was thinking the same thing.

I have some sites that I’m required to use for work that require “Internet Explorer or Google Chrome.” (Yes, I know IE has been deprecated by MS.) That means I’m required to use Chrome on macOS.

I haven’t checked to see if chromium will work, but I’d be willing to bet that the same security flaw announced here was also present in chromium.

Also, if this was being actively exploited, why wasn’t there an announcement about it so people could avoid using Chrome until it was patched? Google just got done publicizing a security flaw in macOS that wasn’t being exploited because Apple ‘wasn’t quick enough’ with a patch. Seems rather hypocritical for them to hide an active exploit.