On 11/06/2017, an advisory was released stating that the Chrome web browser had several serious vulnerabilities which may allow remote code execution, including:
- A stack buffer overflow in QUIC. (CVE-2017-15398)
- A use after free in V8. (CVE-2017-15399)
While no exploits in the wild are known as of yet, all it would take for someone to get into your system would be getting redirected to a specially crafted website which leveraged one of these vulnerabilities.
Good news! Google has recently released a patch. Everyone should ensure that their Chrome browsers are updated to the latest version (62.0.3202.94 as of this writing). If your version is below 62.0.3202.89, you are vulnerable.
Generally, Chrome will update itself when it gets the chance, but if you’re one to leave your browser open for long periods of time, it may not have updated yet. For peace of mind, check your version by clicking on the three-dot menu icon in the top right, selecting “Help”, and then “About Google Chrome.”
SecuLore Support Team