One day behind schedule, the Chrome desktop browser update has begun rolling out to Windows, macOS, and Linux users. While we recommend that you always keep your browser up-to-date, it is crucial that you update your Chrome, Edge, or other Chromium-based browsers sooner rather than later. On April 13, the day Chrome 90 was set to release, an incremental update to version 89 of the browser rolled out, and it contained an unforeseen vulnerability that is now confirmed to be a Zero-Day flaw. Zero-Day is the term used when an exploit of a security flaw has been identified in the wild after the official release of a software version.
Twitter user @frust posted a tweet on Wednesday linking to a GitHub project containing a proof-of-concept that triggers the flaw, opening Microsoft Notepad when a user clicks a URL containing the exploit. Tom’s Guide was able to confirm that the exploit worked on a fully updated version of Edge but wasn’t able to duplicate it using Chrome.
Gaining access to Notepad may not sound that alarming, but any exploit that can control or manipulate services outside of its own sandbox has the potential to be catastrophic to the OS as well as the users’ personal data. The update to Chrome 90 contains a total of thirty-seven bug fixes and security patches that netted researchers more than $50,000 in bug bounties. To learn more about the update, head over to the Chrome Release Blog.
First, you should make sure your browser is up-to-date. Click the three-dot menu at the top right of Chrome, then click “Help” and “About Chrome.” Click the “check for updates” button and wait for the download to complete. Restart your browser when the installation is complete and you’re all set.