SEVERE Security Issue: Google Chrome Might Claim Current Version When Actually Out-of-Date and At-Risk
In the screen shot below, the way out of date as the current version of Google Chrome (as of today) is Version 72.0.3626.121 — much newer. Yet the status reports up-to-date.window claims that Chrome is up to date. But Chrome is actually
The implication is simple, but dire: a Google Chrome high severity security bug gone unfixednd will remain so unless the user manuall updates.
Without updates, bugs like the recent high security CVE-2019-5786 severe security bug will not get fixed because Chrome thinks it is up to date, thus exposing the user to security risks going back to the last manual download (which is the only way I was able to update Chrome).
Unlike most security bugs, the attack potential of bug fix in Google Chrome for CVE-2019-5786 was not theoretical; Google states “under active attacks” at the time of the patch.
Updating Chrome manually
Compare the versions before/after*. This is a surefire method since the latest version, downloaded manually, ensures it really is the latest.
- Open => and check the version.
- Download the latest version at https://www.google.com/chrome/. Use Safari if necessary, using Chrome to download Chrome failed instantly and 100% of the time. Perhaps it is related to the failure to detect the current version, a double bug.
- Compare version numbers.
* Amazingly, Google doesn't list version numbers on that download page.
It would be a reasonable position to not run Chrome at all given the risk of running an out-of-date browser well months beyond when the publicly details of Zero-day exploits have been released.
Not a fluke
I’ve seen false version status bug for years now, so it’s not a one-off, and it’s not related to mac OS High Sierra vs mac OS Sierra. I sent feedback within Chrome, I wonder if it will get addressed. I can see how automatic updates could fail, but it’s just insane that one can manually check for updates and that fails to display the most current available version. That’s really, really BAD.
As with all bugs, something must trigger it and most likely that trigger is lacking for most users. But it’s a virtual impossibility that I am the only one having this issue with Chrome. Whether it is 1 in 100 or 1 in 1000 whatever, I have no idea. Anyone experiencing this bug is at risk.