SingCert urges Chrome users to update Web browsers after 'critical vulnerability' found

Android and iOS versions of Chrome are not affected, but the desktop version is.
Android and iOS versions of Chrome are not affected, but the desktop version is.PHOTO: SCREENGRAB FROM GOOGLE.COM

SINGAPORE - Google has patched a serious bug in its Chrome Web browser that could let an attacker take control of a user's computer and steal sensitive user information.

Android and iOS versions of Chrome are not affected, but the desktop version is.

The Singapore Computer Emergency Response Team (SingCert), a unit of the Cyber Security Agency of Singapore, issued an advisory on Friday (Aug 30) urging users to update to the latest version (76.0.3809.132) of the Chrome Web browser.

It called the bug a "critical vulnerability".

The advisory explained that affected computers could be used to carry out malicious activities such as a denial-of-service (DoS) attack to overwhelm and disrupt websites and other online services.

Google said that the patch will be rolled out to users in the coming days. Those who have enabled the automatic update function in Chrome will receive the patch once their computers are connected to the Internet.

Otherwise, a manual update is required. Users can check their Chrome version by selecting "About Google Chrome" from the Help menu.

The security flaw was found in Blink, the rendering software that generates the images and text of Web pages on the computer screen. It could be exploited if a user visits or is redirected to a specially-crafted Web page.

There are currently no reports of the vulnerability being exploited in the wild, said the Center for Internet Security, which is based in New York.

In a blog post on Monday, Mr Srinivas Sista from the Google Chrome team said that the vulnerability was discovered by researchers from the Chengdu Security Response Center of Qihoo 360 Technology. They were paid US$5,500 (S$7,600) by Google for disclosing the bug.