It's sometimes easy to forget that the technology we use every day to make our lives easier can also be the very thing used against us. Which explains why software companies are constantly providing updates and security patches to thwart attackers who are constantly looking for a way to steal your information.
Too many of us ignore security fixes, thinking they're either not that important or we're too busy to update the software on our laptop or iPhone. Except, in most cases, those updates are the result of discovering vulnerabilities that could have real-world consequences for our personal and professional data.
The likelihood that a given piece of software will be a target often comes down to two variables: How secure is its code, and how widely used is the software? Software that isn't used by enough people is not worth the effort to hack.
Chrome, on the other hand, is the most widely-used Web browser in the world. It's also the point of access to the internet for its millions of users, making it a prime target for exploitation. That's why Google's most recent Chrome update, version 80, included 56 security fixes.
Except, now the Department of Homeland Security is warning Chrome users to update their browser again, to the most current version 80.0.3987.116. Specifically, the Cybersecurity and Infrastructure Security Agency (CISA) has issued a statement that says the most recent update "addresses vulnerabilities that an attacker could exploit to take control of an affected system," and encourages you to take action immediately.
While we don't have any more details, it wouldn't be the first time we've seen such an attack. Last August, it was reported that an attack targeting a specific ethnic group allowed hackers to track and take over iPhones using malicious websites.
So-called, man-in-the-browser (MiTB) attacks take advantage of vulnerabilities to inject code into the browser when you visit a specific site. This allows the hacker to do a variety of things including capturing information entered into fields on the website, adding fake fields to steal information or login credentials, or even gain control of the user's device.
Google gives credit to outside researchers for bringing several of the bugs to their attention, though they haven't said specifically what they were. The company, as a policy, doesn't provide more detail about bug fixes until the majority of users have updated their software.
Do yourself a favor and update your software regularly. There are thousands of hackers out there looking for a way in, and preventing that from happening is ultimately your responsibility. In many cases, your laptop or device can be set to automatically install security patches.
Chrome does provide this option, but to update it on your own, here are the instructions provided by Google:
1. On your computer, open Chrome.
2. At the top right, click More.
3. Click Update Google Chrome.
Important: If you can't find this button, you're on the latest version.
4. Click Relaunch.
Or, on a Mac, simply click on the Chrome menu at the top of your screen, select About Chrome, and it will tell you if you're on the most recent version. If not, it'll automatically get the current version and prompt you to "Relaunch."