Google Chrome web browser vulnerability
Attackers are exploiting a new vulnerability in Google Chrome. In this instance, the attacker can run arbitrary code within the context of the user running Chrome, but outside of the Chrome sandbox.
Google have released a patch to mitigate the vulnerability. CERT NZ recommends you check Chrome is up-to-date, and upgrade it immediately if not.
What to look for
How to tell if you're at risk
Versions of Google Chrome earlier than version 72.0.3626.121 are at risk. Check if you are up-to-date by visiting chrome://settings/help . Visiting this page should automatically update your browser if it’s out-of-date.
Google reports an exploit for this vulnerability exists in the wild.
What to do
Check you’re using the most up-to-date version of Google Chrome available. Version 72.0.3626.121 is the most recent version at time of writing this advisory.
Once Chrome is up-to-date, it is no longer vulnerable.
If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.
For media enquiries, email our media desk at firstname.lastname@example.org or call the MBIE media team on 027 442 2141.