All Posts by Date or last 15, 30, 90 or 180 days.
also by Lloyd: diglloyd.com photography and WindInMyFace.com
Thank you for purchasing through links and ads on this site.
OWC / MacSales.com...
diglloyd Deal Finder...
Buy other stuff at Amazon.com...
Upgrade the memory of your 2019 iMac up to 128GB
128GB Memory in iMac 5K

Up to 128GB for 2019 iMac 5K!
Up to 64GB for 2015/2017 iMac 5K

Save nearly 50% over Apple pricing

SEVERE Security Issue: Google Chrome Might Claim Current Version When Actually Out-of-Date and At-Risk

In the screen shot below, the About Google Chrome window claims that Chrome is up to date. But Chrome is actually way out of date as the current version of Google Chrome (as of today) is Version 72.0.3626.121 — much newer. Yet the status reports up-to-date.

The implication is simple, but dire: a Google Chrome high severity security bug gone unfixednd will remain so unless the user manuall updates.

Without updates, bugs like the recent high security CVE-2019-5786 severe security bug will not get fixed because Chrome thinks it is up to date, thus exposing the user to security risks going back to the last manual download (which is the only way I was able to update Chrome).

Unlike most security bugs, the attack potential of bug fix in Google Chrome for CVE-2019-5786 was not theoretical; Google states “under active attacks” at the time of the patch.

Updating Chrome manually

Compare the versions before/after*. This is a surefire method since the latest version, downloaded manually, ensures it really is the latest.

  1. Open About => About Google Chrome and check the version.
  2. Download the latest version at https://www.google.com/chrome/. Use Safari if necessary, using Chrome to download Chrome failed instantly and 100% of the time. Perhaps it is related to the failure to detect the current version, a double bug.
  3. Compare version numbers.

* Amazingly, Google doesn't list version numbers on that download page.

It would be a reasonable position to not run Chrome at all given the risk of running an out-of-date browser well months beyond when the publicly details of Zero-day exploits have been released.

Chrome is actually way out of date — actual version is 72.0.3626.121

Not a fluke

I’ve seen false version status bug for years now, so it’s not a one-off, and it’s not related to mac OS High Sierra vs mac OS Sierra. I sent feedback within Chrome, I wonder if it will get addressed. I can see how automatic updates could fail, but it’s just insane that one can manually check for updates and that fails to display the most current available version. That’s really, really BAD.

As with all bugs, something must trigger it and most likely that trigger is lacking for most users. But it’s a virtual impossibility that I am the only one having this issue with Chrome. Whether it is 1 in 100 or 1 in 1000 whatever, I have no idea. Anyone experiencing this bug is at risk.


Save the tax, we pay you back, instantly!
B&H Deal ZoneDeals by Brand/Category/Savings
Deals expire in 14 hours unless noted. Certain deals may last longer.

diglloyd.com | Terms of Use | PRIVACY POLICY
Contact | About Lloyd Chambers | Consulting | Photo Tours
Mailing Lists | RSS Feeds | Twitter
Copyright © 2019 diglloyd Inc, all rights reserved.
Display info: __RETINA_INFO_STATUS__