The company disclosed the vulnerability affecting the Chrome browser last week. The security bug existed in Chrome’s speech recognition component. There are no more details available about the security vulnerability (CVE-2020-6457). According to researchers, it was a critical severity bug that would allow an attacker to take complete control of the target system. Google has been tight-lipped about the exact details of the bug.
Google patched the bug before attackers could exploit it. The company has rolled out Chrome v81 with a fix for the bug. The update is available for Linux, Windows, and Mac users. Considering the critical nature of the bug, the US Cybersecurity and Infrastructure Security Agency (CISA) has recommended that all users update their browser.
In a blog post dated April 15, Google said, “Access to bug details and links may be kept restricted until a majority of users are updated with a fix. Google will retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”
The vulnerability was first reported by Qihoo 360 Alpha Lab. Researchers Leecraso and Guang Gong shared the report with Google on April 4. The use-after-free exploit would let a bad actor change the flow of control inside your program, including diverting the CPU to run untrusted code that the attacker poked into memory.
Since the company has flagged this vulnerability as critical, it means attacks can be conducted remotely, without an attacker having physical access to your devices. If the flaw is present in all versions of Chrome, it can potentially impact two billion users.
If you are already running Chrome v81.0.4044.113 or later, you are safe. Users can update their Chrome by pressing the three vertical dots in the top right corner of the browser, heading to Settings, and selecting About Chrome. The browser will automatically check for updates.
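For administrators checking many machines rather than one browser, the version threshold above can be applied to an inventory of reported version strings. The following is an added example, not code from Google or from this article; the host names and inventory lines are constructed, and it assumes each line contains a four-part Chrome version number.

```python
import re

# Fixed build named in the article for CVE-2020-6457.
FIXED = (81, 0, 4044, 113)

# Exactly four dot-separated numeric fields, not part of a longer dotted run.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(text, fixed=FIXED):
    """Return 'patched', 'needs_update' or 'unknown' for one inventory line."""
    v = parse_version(text)
    if v is None:
        return "unknown"  # no parseable version: flag for manual follow-up
    # Tuples of ints compare field by field, so 92 < 113 here. A plain string
    # comparison would wrongly rank "81.0.4044.92" above "81.0.4044.113".
    return "patched" if v >= fixed else "needs_update"


def audit(inventory):
    """Map each host to its status given {host: reported version line}."""
    return {host: classify(line) for host, line in inventory.items()}


# Constructed inventory (hypothetical hosts and reported strings).
SAMPLE = {
    "ws-01": "Google Chrome 81.0.4044.113",
    "ws-02": "Google Chrome 81.0.4044.92",
    "ws-03": "Google Chrome 80.0.3987.163",
    "ws-04": "Google Chrome 83.0.4103.61 beta",
    "ws-05": "command not found",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}: {status}")
```
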