Google is updating its Chrome Web browser across Windows, Mac, and Linux platforms after discovering a critical bug. Without sharing many details about the bug itself, Google stated that the vulnerability, tracked as CVE-2020-6457, was reported earlier this month and is found in the speech recognition tool. In a blog post, the company also announced that the “stable channel has been updated” to Chrome version 81.0.4044.113 and will roll out over the coming days, indicating that the vulnerability has been fixed through the update.
Google in the blog post published on April 15 also said, “Access to bug details and links may be kept restricted until a majority of users are updated with a fix.” The company added that Google will also “retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”
As mentioned, Google has not shared details about the vulnerability other than its identifier (CVE-2020-6457) and a vague description: “Use after free in speech recognizer.” Even the US National Vulnerability Database, which maintains databases of security checklists and security-related software flaws, describes the CVE-2020-6457 bug as “reserved”, meaning no information about the bug has been made public yet.
However, a report by Forbes stated that once a “use after free vulnerability” is triggered after visiting a malicious Web page, the user’s computer system can be compromised. The report added that since the potential consequences of this vulnerability are “high”, Google has rated this as a critical security issue.
Users can check their Chrome version by tapping on the ‘three vertical dots’ at the top right corner of their Chrome browser. From there, users need to select Help > About Google Chrome. If the dots are not visible, users may see a red icon with an upward white arrow in it, prompting them to update their browser.