From Forbes:
It takes a lot to scare anyone on Halloween night, but Google Chrome engineers were spooked enough to issue an urgent update announcement for the browser across all platforms. So, what gave Google the heebie-jeebies? The answer is not one but two security vulnerabilities, one of which has a zero-day exploit out in the wild already.
The October 31 disclosure from Google confirmed that the “stable channel” desktop Chrome browser is being updated to version 78.0.3904.87 across the Windows, Mac, and Linux platforms. This urgent update will start rolling out “over the coming days/weeks,” according to Google.
. . . .
Although any vulnerability that is given a high severity rating has to be taken seriously, there remain different levels of risk for average users and those likely to be of interest to nation-state hackers for example. Unlike recent Android security alerts including the now infamous Joker malware, it would appear that the real-world risk isn’t too critical for most people.
“For me, it’s relatively low risk, with Google quickly acknowledging the vulnerabilities,” Mike Thompson, an application security specialist, “it’s another day at the ‘zero-day’ office where, in my humble opinion, the likelihood of any real damage is minimal.”
John Opdenakker, an ethical hacker, agrees that it’s good to see Google acting so quickly, “particularly as far as the one that’s already been exploited in the wild is concerned,” he says.
Having done some further digging, as ethical hackers have a habit of doing, Opdenakker says, “this most severe vulnerability can only be exploited via specially crafted websites,” which means, “the average user shouldn’t lose any sleep.”
Link to the rest at Forbes