Earlier this week, a member of Google’s threat analysis group discovered a vulnerability in Google Chrome that would allow attackers to execute arbitrary code or corrupt data on impacted machines. Google released a fix for this exploit soon after, and all Chrome users should be sure to update their browsers immediately. Chrome should update each time the browser is closed or relaunched, so many users may have already installed the patch. To be certain that you are protected, please select the “Chrome” menu, then select “Help,” then “About Google Chrome.” This will display your current update status and allow you to update the browser if needed. This will also allow you to turn on automatic updates for Chrome if you haven’t already.
A zero-day exploit and subsequent patch are not out of the ordinary for the browser. A total of 16 zero-day vulnerabilities were detected in Google Chrome during 2021. To protect yourself, it is always a best practice to keep your platforms and devices updated to their most recent versions. You should use automatic updating whenever possible, and periodically check to ensure you are on the latest version. Some updates require a restart, so it is a good idea to get in the habit of checking, then rebooting your machine or restarting the app. Keeping your devices and applications running on their latest versions has long been a critical part of good security hygiene, and this practice only becomes more important as the threat landscape evolves.
For more information about protecting yourself and your devices, please visit our guidance pages.
If you have questions or concerns about this update, please reach out to the Office of Information Security by emailing infosec@wustl.edu. As always, we appreciate your vigilance as we work together to keep WashU secure.