DHS Warns of Chrome Security Bugs

Chrome CVE-2020-6383

DHS Warns of Chrome Security Bugs – DHS CISA Encourages Chrome Users to Update Browser to Fix Multiple Security Vulnerabilities

The Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) Google advises Chrome web browser users to update to Chrome version 80.0.3987.116. This update affects Windows, Mac, and Linux versions of Chrome. Google made the update available on February18, 2020. The Common Vulnerabilities and Exposures (CVE) information was published on February 21, 2020. The Google Chrome updates fixes multiple security vulnerabilities a hacker might exploit to take control of a computer. A security vulnerability, or bug, is an error in computer code or hardware configuration that could a allow a hacker to download code to the device, gain unauthorized access, or cause damage.

The information was posted on the US-CERT Current Activity web page.

If left unpatched, a vulnerable Chrome web browser is vulnerable to hackers who could inject computer code that allows them to escalate access and control over the unpatched computer. A hacker could exploit the security bugs in Chrome to install malware, view, alter, or delete data. They could also create user accounts on the computer giving themselves further access and the ability to cause more damage. Hackers use security vulnerabilities, or bugs, in software to install malicious computer code and steal information. The malicious code can be used to hack into a machine by elevating the hackers user permissions to admin user level – the same as the device owner. After gaining admin user access, the hacker is then able to access and manipulate software and hardware.

Multiple Google Chrome Security Bugs Could Allow for Arbitrary Code Execution
The Chrome CVE give insights into the five vulnerabilities found by cyber security researchers. Vulnerabilities include CVE-2020-6383, CVE-2020-6384, and CVE-2020-6386 all of which are considered high importance to personal and business users. Users should download the newest version of Chrome to address these issues.
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_18.html

How Do I Fix Google Chrome Problems?
Like most app developers, Google releases software updates (patches) to fix security vulnerabilities and secure the software and the device it is installed on. It is important for users to keep all software, hardware, apps, and devices up to date. Unpatched software allowed some of the biggest malware attacks like WannaCry to spread across Europe in 2017. The cyberattack affected unpatched Windows machines only. The software has been previously fixed in an update. However, UK’s National Health System (NHS) reported that operations were crippled because many of their computers were unpatched. The attack was later blamed on North Korea.

The following actions be taken to update Chrome web browser:

  1. Accept the latest and upgrade to update to Chrome version 80.0.3987.116
  2. Create a non-admin user on your laptop and run all software from that user account. This helps prevent malware from gaining privileged access to a computer
  3. Stay away from suspicious looking websites
  4. Never shop on a website that is not using HTTPS
  5. Do not click on links in emails sent from people you don’t know. If an email asks for money or information, vet who is asking. Calling them may be the best way.
  6. Do not download files sent in emails or even click on them to see more information. Even Microsoft Word docs can be weaponizes to download malware
  7. Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.

Max is a Data Privacy Coordinator at a major global law firm and a science fiction author residing in the Philadelphia area. He has been writing for https://www.askcybersecurity.com since early 2017.