If you use Google Chrome on your Mac, update it right now

Posted:
in Mac Software edited March 2019
Google has confirmed a recent update to Chrome was to patch a zero-day issue in the popular browser, an exploit that was actively used in attacks, and has recommended all Chrome users on Mac, Windows, and Linux update their installations as soon as possible.

Chrome's update dialog box when a patch is ready to install
Chrome's update dialog box when a patch is ready to install


A patch for Chrome shipped on March 1 consisting of a fix for a security flaw, identified as CVE-2019-5786. The update, which only fixed the issue without making other changes to the browser, brought Chrome on all three operating systems up to version 72.0.3626121.

While the security flaw affected all desktop versions of Chrome, it was especially a problem for Windows users, as it formed part of a more complex attack against Windows 7. The older Microsoft operating system had its own zero-day flaw identified at the same time as the Chrome version, with the browser's flaw actively used as part of a more complex attack against Windows, reports CNET.

Also, seriously, update your Chrome installs... like right this minute. #PSA

-- Justin Schuh (@justinschuh)


Google updated its announcement for the patch to advise the exploit against Chrome "exists in the wild." Justin Schuh, head of Google's Chrome Security, posted to Twitter advising of both the exploit's existence and advising users to update their browser with the new patch.

The issue lies in a memory management error for Chrome's FileReader API, which allows web apps to read local files on a desktop. Specifically, it is a memory error known as a "use-after-free" vulnerability when a web app attempts to access memory that had been freed or deleted from Chrome's allocated memory, with the flaw enabling malicious code to be executed.

Clement Lecigne of Google's Threat Analysis Group is credited as the researcher who found the bug.

Google Chrome for iOS is not affected by the security flaw.
«13

Comments

  • Reply 1 of 45
    The user and all related content has been deleted.
  • Reply 2 of 45
    AppleExposedAppleExposed Posts: 1,805unconfirmed, member
    mercel said:
    Seriously, who’s dumb enough to use Google spyware on their Mac?  😂 

    I was thinking the same thing.
    qwerty52jas99cat52watto_cobra
  • Reply 3 of 45
    payecopayeco Posts: 580member
    mercel said:
    Seriously, who’s dumb enough to use Google spyware on their Mac?  😂 
    And if you need Chrome installed just use Chromium. It’s the open source base Chrome is built on. It’s missing all of Google’s tracking junk.
    lostkiwibaconstangchiatnet-primarytnet-primarycat52watto_cobra
  • Reply 4 of 45
    qwerty52qwerty52 Posts: 367member
    Google is a legal spyware. I never use a product coming from this company.
    baconstangchasmjas99GeorgeBMaccat52watto_cobra
  • Reply 5 of 45
    MplsPMplsP Posts: 3,911member
    mercel said:
    Seriously, who’s dumb enough to use Google spyware on their Mac?  😂 

    I was thinking the same thing.
    I have some sites that I’m required to use for work that require “Internet Explorer or Google Chorme.” (Yes, I know IE has been deprecated by MS.) That means I’m required to use Chrome on macOS. 

    I haven’t checked to see if chromium will work, but I’d be willing to bet that the same security flaw announced here was also present in chromium.

    Also, if this was being actively exploited, why wasn’t there an announcement about it so people could avoid using Chrome until it was patched? Google just got done publicizing a security flaw in macOS that wasn’t being exploited because Apple ‘wasn’t quick enough’ with a patch. Seems rather hypocritical for them to hide an active exploit.
    jas99cat52watto_cobra
  • Reply 6 of 45
    jdgazjdgaz Posts: 403member
    No google chrome, no google maps, no google web search. Life is just fine with our google.
    edited March 2019 lostkiwibaconstangjas99cat52watto_cobra
  • Reply 7 of 45
    ElCapitanElCapitan Posts: 372member

    If you use Google Chrome on your Mac, update it right now

    If you use Google Chrome on your Mac, get rid of it right now


    FIFY
    lostkiwichasmchristopher126StrangeDaysmacseekerqwerty52jas99GeorgeBMaccat52watto_cobra
  • Reply 8 of 45
    deminsddeminsd Posts: 143member
    What is it, exactly, that everyone is afraid of Google getting a hold of?  You think Google is the only entity in the world that is "spying" (collecting data) on you?  Ever go out in public, per chance, or just sit behind your "safe Mac" your whole life?  I don't care.  I'm a grain of sand on a beach.  
    edited March 2019 Johan42
  • Reply 9 of 45
    chasmchasm Posts: 3,275member
    deminsd said:
    What is it, exactly, that everyone is afraid of Google getting a hold of?  You think Google is the only entity in the world that is "spying" (collecting data) on you?  Ever go out in public, per chance, or just sit behind your "safe Mac" your whole life?  I don't care.  I'm a grain of sand on a beach.  
    It's not so much (necessarily) what they're getting (everything) or even what they're using it for (mostly marketing but also some darker stuff, like how to manipulate people) as it is simply this -- they didn't ask permission, they're not transparent about what they do with that data (and all that they collect), and considering the money they're making on it, shouldn't I be getting a share of that?
    qwerty52jas99GeorgeBMacjoncocat52watto_cobra
  • Reply 10 of 45
    mercel said:
    Seriously, who’s dumb enough to use Google spyware on their Mac?  😂 
    Agreed!

    If FaceBook wasn't around, Google would be getting all the scrutiny and bad press. 

    I use DuckDuckGo. I don't have any Google products on my devices or in my home or office. 
    qwerty52jas99cat52watto_cobra
  • Reply 11 of 45

    deminsd said:
    What is it, exactly, that everyone is afraid of Google getting a hold of?  You think Google is the only entity in the world that is "spying" (collecting data) on you?  Ever go out in public, per chance, or just sit behind your "safe Mac" your whole life?  I don't care.  I'm a grain of sand on a beach.  
    FaceBook has 29,000 data points on every individual! You really don't see a problem with that? 
    qwerty52watto_cobra
  • Reply 12 of 45

    chasm said:
    deminsd said:
    What is it, exactly, that everyone is afraid of Google getting a hold of?  You think Google is the only entity in the world that is "spying" (collecting data) on you?  Ever go out in public, per chance, or just sit behind your "safe Mac" your whole life?  I don't care.  I'm a grain of sand on a beach.  
    It's not so much (necessarily) what they're getting (everything) or even what they're using it for (mostly marketing but also some darker stuff, like how to manipulate people) as it is simply this -- they didn't ask permission, they're not transparent about what they do with that data (and all that they collect), and considering the money they're making on it, shouldn't I be getting a share of that?
    Well said.

    All I want is 'transparency, 'accountability,' and 'rule of law.' In other words, responsible corporate citizens. 

    Facebook, Google, Twitter and Amazon are the cigarette companies of the 80's and 90's. 
    macseekerqwerty52jas99watto_cobra
  • Reply 13 of 45
    StrangeDaysStrangeDays Posts: 12,842member
    deminsd said:
    What is it, exactly, that everyone is afraid of Google getting a hold of?  You think Google is the only entity in the world that is "spying" (collecting data) on you?  Ever go out in public, per chance, or just sit behind your "safe Mac" your whole life?  I don't care.  I'm a grain of sand on a beach.  
    Cool. Then you should feel comfortable telling me at a minimum your real name and address?

    BTW Gruber and Rene Richie were talking on the latest episode of The Talk Show about how the so-called anonymization by companies like Google and Facebook is easily circumvented by advertisers and metrics companies who figure out ways to link users to a specific identifying data point, and then create "shadow profiles" of you from there. Fun stuff, kids. You are the product.
    edited March 2019 fastasleepqwerty52jas99watto_cobra
  • Reply 14 of 45
    macxpressmacxpress Posts: 5,801member
    deminsd said:
    What is it, exactly, that everyone is afraid of Google getting a hold of?  You think Google is the only entity in the world that is "spying" (collecting data) on you?  Ever go out in public, per chance, or just sit behind your "safe Mac" your whole life?  I don't care.  I'm a grain of sand on a beach.  

    So I guess its perfectly okay for me to go peak and stare into the windows of your house then? I mean, you're just a grain of salt on the beach....
    qwerty52jas99watto_cobra
  • Reply 15 of 45
    seanismorrisseanismorris Posts: 1,624member
    LOL 

    It’s Google hate day.

    1.  I use Google search, there is nothing else close
    2.  I use Google Maps, Apple’s getting better but they’re still 2nd best
    3. I use Google Mail, it’s my own domain, I get zero ads (that I haven’t signed up for)

    OK technically I get ads, but I don’t see them because they go directly to my Junk folder.

    If Google is using my info for ads, I don’t see them because of the ad blocker.  Actually, Apple is the cause of my problem with auto play (ads) videos.  There is no way to stop the auto play in Safari iOS.  I suspect Google payed Apple off...

    Who I won’t do business with is Facebook...
    edited March 2019 gatorguy
  • Reply 16 of 45
    coolfactorcoolfactor Posts: 2,239member
    deminsd said:
    What is it, exactly, that everyone is afraid of Google getting a hold of?  You think Google is the only entity in the world that is "spying" (collecting data) on you?  Ever go out in public, per chance, or just sit behind your "safe Mac" your whole life?  I don't care.  I'm a grain of sand on a beach.  

    What's unfortunate is that thinking that Chrome (or Firefox) are superior to Safari, and vice versa. All are modern browsers and each adds features and conveniences over the other. I prefer Safari's "feel", but Chrome and Firefox have closed the gap. I still don't like Firefox's text rendering... it's different and seems slightly off.

    I use Safari as my main browser, but have Chrome and Vivaldi ready to launch for other purposes. I use Netflix in Chrome, for example. I treat browsers like application wrappers so I can Cmd-Tab between them. I use multiple windows to organize related pages. People that open every single web page in a separate tab and never use multiple windows are missing out. Tabs do not replace multiple windows entirely like many people choose to believe.

    Lose the "one single browser" mentality and the world will be a happier, more productive place.
    edited March 2019 gatorguylkruppkingofsomewherehot
  • Reply 17 of 45
    cmd-zcmd-z Posts: 69member
    Gee, how do I update Chrome on my Mac? http://bfy.tw/MfK7
  • Reply 18 of 45
    welshdogwelshdog Posts: 1,897member
    "and considering the money they're making on it, shouldn't I be getting a share of that? "

    We need either a Federal law or even better a Constitutional Amendment that grants every citizen absolute ownership of their personal data. No use of that data without remuneration. No use of SSN without tokenization like Apple Pay or similar. Companies should not be indemnified if they lose the data we have allowed them to use. No enitiy is entitled to our data. They have taken it because no one has stood up and stoppped them.

    jas99christopher126watto_cobrakingofsomewherehot
  • Reply 19 of 45
    gatorguygatorguy Posts: 24,176member
    welshdog said:
    "and considering the money they're making on it, shouldn't I be getting a share of that? "

    We need either a Federal law or even better a Constitutional Amendment that grants every citizen absolute ownership of their personal data. No use of that data without remuneration. No use of SSN without tokenization like Apple Pay or similar. Companies should not be indemnified if they lose the data we have allowed them to use. No enitiy is entitled to our data. They have taken it because no one has stood up and stoppped them.

    -Are you talking a cash payment only or is a trade for services rendered OK?
    -Is profit allowed or are you expecting break-even?
    -What about the credit bureau's, banks, and other lenders who use your personal data to evaluate you for extending credit?
    -Would it be OK for you as an employer to do a background check, or for an insurer to check your driving history and accident record?

    All these things require that your personal data be stored somewhere. Is signing your agreement to access it sufficient or are you still demanding to be paid in actual money?

    A lot of questions are raised by what you think is a simple matter. I look forward to your comment.
    edited March 2019
  • Reply 20 of 45
    GeorgeBMacGeorgeBMac Posts: 11,421member

    deminsd said:
    What is it, exactly, that everyone is afraid of Google getting a hold of?  You think Google is the only entity in the world that is "spying" (collecting data) on you?  Ever go out in public, per chance, or just sit behind your "safe Mac" your whole life?  I don't care.  I'm a grain of sand on a beach.  
    FaceBook has 29,000 data points on every individual! You really don't see a problem with that? 
    So one justifies the other?   Really?  
    That's like saying getting stabbed is alright because its not as bad as getting shot.
Sign In or Register to comment.