On 11/06/2017, an advisory was released stating that the Chrome web browser had several serious vulnerabilities which may allow remote code execution, including:
- A stack buffer overflow in QUIC. (CVE-2017-15398)
- A use after free in V8. (CVE-2017-15399)
While no exploits in the wild are known as of yet, all it would take for someone to get into your system would be getting redirected to a specially crafted website which leveraged one of these vulnerabilities.
Good news! Google has recently released a patch. Everyone should ensure that their Chrome browsers are updated to the latest version (62.0.3202.94 as of this writing). If your version is below 62.0.3202.89, you are vulnerable.
Generally, Chrome will update itself when it gets the chance, but if you’re one to leave your browser open for long periods of time, it may not have updated yet. For peace of mind, check your version by clicking on the three-dot menu icon in the top right, selecting “Help”, and then “About Google Chrome.”
Stay cyber-safe,
Other Alerts
Cyber-Protecting Our Nation’s Critical Infrastructure
At SecuLore, our mission is to cyber-protect our nation’s critical infrastructure. Led by experts in 9-1-1 technology, cyberwarfare, and ethical hacking, our team provides the technology, expertise, and training needed to defend customers from increasingly sophisticated cyber threats.