Advisories

Our advisories highlight current cyber security threats and vulnerabilities in New Zealand, and provide guidance on how to mitigate their impact.

Subscribe to our updates above to be notified as soon as we publish an advisory.

1:55pm, 7 March 2019

TLP Rating: White

Google Chrome web browser vulnerability

Attackers are exploiting a new vulnerability in Google Chrome. In this instance, the attacker can run arbitrary code within the context of the user running Chrome, but outside of the Chrome sandbox.

Google have released a patch to mitigate the vulnerability. CERT NZ recommends you check Chrome is up-to-date, and upgrade it immediately if not. 

What to look for

How to tell if you're at risk

Versions of Google Chrome earlier than version 72.0.3626.121 are at risk. Check if you are up-to-date by visiting chrome://settings/help . Visiting this page should automatically update your browser if it’s out-of-date.

Google reports an exploit for this vulnerability exists in the wild.

What to do

Prevention

Check you’re using the most up-to-date version of Google Chrome available. Version 72.0.3626.121 is the most recent version at time of writing this advisory.

Once Chrome is up-to-date, it is no longer vulnerable. 

More information

Vulnerability information from Chrome External Link

Critical Control: Patching 

If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.

Report an incident to CERT NZ

For media enquiries, email our media desk at media@mbie.govt.nz or call the MBIE media team on 027 442 2141.