The critical vulnerability in Chrome that needs patching immediately

Jan Thornborough of Intelligensia

By cyber security specialist Jan Thornborough

There are many vulnerabilities in life, getting your car windscreen or paintwork chipped when trying out the new Transmission Gully road (which is an awesome drive by the way). Or catching Covid from your children. It’s the same with your digital devices.

This week’s vulnerability (CVE-2022-0971) is one from the internet browser Chrome (the software you use to surf the internet). It also affects Microsoft Edge because that is powered by Chromium as well.

I won’t go into the gritty details of what the latest vulnerability does, other than to say it is rare for Chrome to issue a fix with a “critical vulnerability” rating assigned to it. They have also recently issued two fixes that remedy “high severity” vulnerabilities.

Why does patching matter?

All software has weak spots called vulnerabilities, and when the bad guys learn about them, they immediately try and exploit them.

Now that Google has announced it has these critical vulnerabilities, the hackers will start looking for them to exploit.

They do this by adding them to their automated tools that scan the internet every minute of every day. So, if you are one of the unlucky ones who hasn’t patched Chrome or Edge, it is just a matter of time before they find you and launch an attack on your computer.

How do I know if my computer is safe?

Simply open Chrome, click on the three dots in the upper right-hand corner of the screen, select Help and then click on “About Google Chrome”. It should say that Chrome is up to date and the version should be 100.0.4896.60 or higher. If it doesn’t, run the upgrade from the same screen immediately.

It is a similar set of steps for Microsoft Edge. If you are uncomfortable trying this yourself, just ask your local IT specialist to check it for you.

Remember, there are vulnerabilities in any software you download. So, make sure that you run any upgrades (ideally automatically) as soon as they become available.

Never ignore warnings to run security upgrades. It’s far better to be safe than sorry when it comes to cyber security.

For more see:

Graphical user interface, application

Description automatically generated